Kerberoasting
Kerberoasting is the method of obtaining the TGS for a service and then cracking the ticket to guess the password of the service account. Because the ticket is encrypted with a key derived from the service account's password, the guessing can be done offline. For example, in order to access an IIS service hosted within a domain, we can get the TGS from the AD and then guess the password of the IIS service account.
We will do that using Rubeus:
The output of this command will be a hash file that can be cracked with hashcat using the following command:
We can also perform the same exercise from Linux using Impacket. We will need the domain and a username that is active within the domain. The following command can be used:
The output can once again be cracked using hashcat.
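On the defending side, the TGS requests described above are recorded on domain controllers as Security event 4769. The following is an added example, not code from the original page: it flags accounts that request RC4-encrypted service tickets for several distinct service accounts within a short window. The JSON-lines layout, the account names, and the window and threshold values are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: simplified Event ID 4769 records, one JSON object per line.
# Field names follow the Windows event; the export layout itself is an assumption.
SAMPLE_EVENTS = """\
{"EventID": 4769, "TimeCreated": "2024-01-10T09:00:01", "TargetUserName": "alice@CORP.EXAMPLE", "ServiceName": "FILESRV01$", "TicketEncryptionType": "0x12"}
{"EventID": 4769, "TimeCreated": "2024-01-10T09:02:10", "TargetUserName": "alice@CORP.EXAMPLE", "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"}
{"EventID": 4769, "TimeCreated": "2024-01-10T09:00:00", "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc_iis", "TicketEncryptionType": "0x17"}
{"EventID": 4769, "TimeCreated": "2024-01-10T10:00:00", "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"}
{"EventID": 4769, "TimeCreated": "2024-01-10T09:30:00", "TargetUserName": "jdoe@CORP.EXAMPLE", "ServiceName": "svc_iis", "TicketEncryptionType": "0x17"}
{"EventID": 4769, "TimeCreated": "2024-01-10T09:30:08", "TargetUserName": "jdoe@CORP.EXAMPLE", "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"}
{"EventID": 4769, "TimeCreated": "2024-01-10T09:30:20", "TargetUserName": "jdoe@CORP.EXAMPLE", "ServiceName": "svc_backup", "TicketEncryptionType": "0x17"}
"""

RC4_HMAC = "0x17"               # Kerberos etype 23, the weakest ticket encryption still common
WINDOW = timedelta(minutes=5)   # assumed tuning value
THRESHOLD = 3                   # assumed: distinct service accounts per window

def suspicious_requesters(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {requesting account: sorted service accounts} for burst-style RC4 requests."""
    per_user = defaultdict(list)
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        svc = ev.get("ServiceName", "")
        if ev.get("EventID") != 4769 or ev.get("TicketEncryptionType", "").lower() != RC4_HMAC:
            continue
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue  # machine accounts and krbtgt have random, uncrackable keys
        per_user[ev["TargetUserName"]].append((datetime.fromisoformat(ev["TimeCreated"]), svc))
    flagged = defaultdict(set)
    for user, reqs in per_user.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1  # slide the window forward
            services = {s for _, s in reqs[start:end + 1]}
            if len(services) >= threshold:
                flagged[user].update(services)
    return {user: sorted(svcs) for user, svcs in flagged.items()}

if __name__ == "__main__":
    print(suspicious_requesters(SAMPLE_EVENTS))
```

A single RC4 request (alice) or requests spread over hours (bob) stay below the threshold; only the burst from jdoe is reported.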