ksetup.exe

  • File Path: C:\Windows\SysWOW64\ksetup.exe
  • Description: Kerberos Setup tool

Hashes

Type Hash
MD5 3C4241E6A8FC2288378D07CD378DF42C
SHA1 207BB73474EA60F1EF2DAE901E43D789E8B29A95
SHA256 83B79562A118524EF74F15B264E50AEB5307BDDA765F5413AADDB894ED742DA5
SHA384 CDEC9087E4B8A30DDA89052DB6255C356BB8D842784D15099F46E9A57009ED9B3C3F89EAB3654F8A76B0D493BC86FA6C
SHA512 39570A9F77D812BB5442619CC104A7C9E561C0D9D5563D23A74AED1D7A4C083C067581FCEE79AE3E5E3D33A6FBA16DC18F6968B1A4EDBAE180F00842120E3E24
SSDEEP 768:x0twZ+bFWzclX3uV/+YvdT7iwrZVFx4ZVrjqe6td2dIpg:xj+b4olX3C+AdT7iw1VFx4XfOtduIpg
IMP EA5012A878F0C2120889BBC97F54D267
PESHA1 9CC3E72235CD9B59E46FE623CCCBAB680C2D36F1
PE256 39CD6B6FC45E2CD38DC694A7BBA5A9283A778E2A95CF8F689796CF323F08E9CC

Runtime Data

Usage (stdout):


USAGE:
/SetRealm <DnsDomainName>
	Makes this computer a member of an RFC1510 Kerberos Realm
/MapUser <Principal> [Account]
	Maps a Kerberos Principal ('*' = any principal)
	to an account ('*' = an account by same name);
	If account name is omitted, mapping is deleted 
	for the specified principal
/AddKdc <RealmName> [KdcName]
	Defines a KDC entry for the given realm.
	If KdcName omitted, DNS may be used to locate KDCs.
/DelKdc <RealmName> [KdcName]
	deletes a KDC entry for the realm.
	If KdcName omitted, the realm entry itself is deleted.
/AddKpasswd <Realmname> <KpasswdName>
	Add Kpasswd server address for a realm
/DelKpasswd <Realmname> <KpasswdName>
	Delete Kpasswd server address for a realm
/Server <Servername>
	specify name of a Windows machine to target the changes.
/SetComputerPassword <Password>
	Sets the password for the computer's domain account
	(or host principal)
/RemoveRealm <RealmName>
	delete all information for this realm from the registry.
/Domain [DomainName]
	use this domain (if DomainName is unspecified, detect it)
/ChangePassword <OldPasswd> <NewPasswd>
	Use Kpasswd to change the logged-on user's password.
	Use '*' to be prompted for passwords.
/ListRealmFlags (no args)
	Lists the available Realm flags that ksetup knows
/SetRealmFlags <realm> <flag> [flag] [flag] [...]
	Sets RealmFlags for a specific realm
/AddRealmFlags <realm> <flag> [flag] [flag] [...]
	Adds additional RealmFlags to a realm
/DelRealmFlags <realm> <flag> [flag] [flag] [...]
	Deletes RealmFlags from a realm.
/DumpState (no args)
	Analyze the kerberos configuration on the given machine.
/AddHostToRealmMap <host> <realm>
	Adds a mapping for <host> to <realm> to the registry.
/DelHostToRealmMap <host> <realm>
	Deletes existing mapping for <host> to <realm> from the registry.
/SetEncTypeAttr <domainname> <enctypes>
	Sets the encryption types trust attribute for <domain> to <enctypes> (multiple types should be separated by spaces).
	Supported encryption types are:
	  DES-CBC-CRC, DES-CBC-MD5, RC4-HMAC-MD5, 
	  AES128-CTS-HMAC-SHA1-96, AES256-CTS-HMAC-SHA1-96
/GetEncTypeAttr <domainname>
	Gets the encryption types trust attribute for <domain>.
/AddEncTypeAttr <domainname> <enctypes>
	Adds <enctypes> to the encryption types trust attribute for <domain> (multiple types should be separated by spaces).
/DelEncTypeAttr <domainname>
	Deletes the encryption types trust attribute for <domain>.

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\ksetup.exe

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: ksetup.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/64
  • VirusTotal Link: https://www.virustotal.com/gui/file/83b79562a118524ef74f15b264e50aeb5307bdda765f5413aaddb894ed742da5/detection/

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


ksetup

Performs tasks related to setting up and maintaining Kerberos protocol and the Key Distribution Center (KDC) to support Kerberos realms. Specifically, this command is used to:

  • Change the computer settings for locating Kerberos realms. In non-Microsoft, Kerberos–based implementations, this information is usually kept in the Krb5.conf file. In Windows Server operating systems, it’s kept in the registry. You can use this tool to modify these settings. These settings are used by workstations to locate Kerberos realms and by domain controllers to locate Kerberos realms for cross-realm trust relationships.

  • Initialize registry keys that the Kerberos Security Support Provider (SSP) uses to locate a KDC for the Kerberos realm, if the computer is isn’t a member of a Windows domain. After configuration, the user of a client computer running the Windows operating system can log on to accounts in the Kerberos realm.

  • Search the registry for the domain name of the user’s realm and then resolves the name to an IP address by querying a DNS server. The Kerberos protocol can use DNS to locate KDCs by using only the realm name, but it must be specially configured to do so.

Syntax

ksetup
[/setrealm <DNSdomainname>]
[/mapuser <principal> <account>]
[/addkdc <realmname> <KDCname>]
[/delkdc <realmname> <KDCname>]
[/addkpasswd <realmname> <KDCPasswordName>]
[/delkpasswd <realmname> <KDCPasswordName>]
[/server <servername>]
[/setcomputerpassword <password>]
[/removerealm <realmname>]
[/domain <domainname>]
[/changepassword <oldpassword> <newpassword>]
[/listrealmflags]
[/setrealmflags <realmname> [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4]]
[/addrealmflags <realmname> [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4]]
[/delrealmflags [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4]]
[/dumpstate]
[/addhosttorealmmap] <hostname> <realmname>]
[/delhosttorealmmap] <hostname> <realmname>]
[/setenctypeattr] <domainname> {DES-CBC-CRC | DES-CBC-MD5 | RC4-HMAC-MD5 | AES128-CTS-HMAC-SHA1-96 | AES256-CTS-HMAC-SHA1-96}
[/getenctypeattr] <domainname>
[/addenctypeattr] <domainname> {DES-CBC-CRC | DES-CBC-MD5 | RC4-HMAC-MD5 | AES128-CTS-HMAC-SHA1-96 | AES256-CTS-HMAC-SHA1-96}
[/delenctypeattr] <domainname>

Parameters

Parameter Description
ksetup setrealm Makes this computer a member of a Kerberos realm.
ksetup addkdc Defines a KDC entry for the given realm.
ksetup delkdc Deletes a KDC entry for the realm.
ksetup addkpasswd Adds a kpasswd server address for a realm.
ksetup delkpasswd Deletes a kpasswd server address for a realm.
ksetup server Allows you to specify the name of a Windows computer on which to apply the changes.
ksetup setcomputerpassword Sets the password for the computer’s domain account (or host principal).
ksetup removerealm Deletes all information for the specified realm from the registry.
ksetup domain Allows you to specify a domain (if the <domainname> hasn’t already been set by the /domain parameter).
ksetup changepassword Allows you to use the kpasswd to change the logged on user’s password.
ksetup listrealmflags Lists the available realm flags that ksetup can detect.
ksetup setrealmflags Sets realm flags for a specific realm.
ksetup addrealmflags Adds additional realm flags to a realm.
ksetup delrealmflags Deletes realm flags from a realm.
ksetup dumpstate Analyzes the Kerberos configuration on the given computer. Adds a host to realm mapping to the registry.
ksetup addhosttorealmmap Adds a registry value to map the host to the Kerberos realm.
ksetup delhosttorealmmap Deletes the registry value that mapped the host computer to the Kerberos realm.
ksetup setenctypeattr Sets one or more encryption types trust attributes for the domain.
ksetup getenctypeattr Gets the encryption types trust attribute for the domain.
ksetup addenctypeattr Adds encryption types to the encryption types trust attribute for the domain.
ksetup delenctypeattr Deletes the encryption types trust attribute for the domain.
/? Displays Help at the command prompt.

Additional References


MIT License. Copyright (c) 2020-2021 Strontic.