Kerberoasting

Kerberoasting takes advantage of the way the Kerberos protocol works in Active Directory environments. Read up on it here, here, and here.

Any authenticated member of a domain can take advantage of this attack. To perform the attack, we use the impacket script GetUserSPNs.py. You can find this on a default Kali install by searching in the /usr/doc/python3-impacket/examples/ folder.

python3 GetUserSPNs.py -request -dc-ip 10.0.0.1 acme.corp/victim_user

  • 10.0.0.1 = The IP of the domain controller

  • acme.corp = The domain (you will run into issues on this step if you use the short name: it is looking for the formal name of the domain, so I can’t just use ACME, for example)

  • victim_user = The user I compromised.
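On the defender's side, a request like the one above shows up on the domain controller as a burst of event 4769 (Kerberos service ticket requested) entries from a single account. The following is an added example, not part of the original notes or of impacket: it flags accounts that request RC4 (0x17) tickets for several distinct user-backed services in a short window. The log layout, account names, and thresholds are assumptions constructed for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Windows Security event 4769 records flattened to
# key=value pairs. Accounts, services and addresses are made up.
SAMPLE_LOG = """\
2024-05-01T09:00:01 EventID=4769 TargetUserName=alice@ACME.CORP ServiceName=FILESRV01$ TicketEncryptionType=0x12 IpAddress=10.0.0.21
2024-05-01T09:14:30 EventID=4769 TargetUserName=victim_user@ACME.CORP ServiceName=svc_sql TicketEncryptionType=0x17 IpAddress=10.0.0.50
2024-05-01T09:14:30 EventID=4769 TargetUserName=victim_user@ACME.CORP ServiceName=svc_web TicketEncryptionType=0x17 IpAddress=10.0.0.50
2024-05-01T09:14:31 EventID=4769 TargetUserName=victim_user@ACME.CORP ServiceName=svc_backup TicketEncryptionType=0x17 IpAddress=10.0.0.50
2024-05-01T09:14:31 EventID=4769 TargetUserName=victim_user@ACME.CORP ServiceName=krbtgt TicketEncryptionType=0x12 IpAddress=10.0.0.50
2024-05-01T10:02:00 EventID=4769 TargetUserName=bob@ACME.CORP ServiceName=svc_sql TicketEncryptionType=0x12 IpAddress=10.0.0.33
"""

RC4_HMAC = 0x17  # ticket encryption type that is cheapest to crack offline


def parse_event(line):
    """Split one flattened record into a dict with a parsed timestamp."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["time"] = datetime.fromisoformat(ts)
    return event


def find_roasting(log, min_services=3, window=timedelta(minutes=5)):
    """Return {account: [services]} for accounts that requested RC4 tickets
    for at least min_services distinct user-backed services within window."""
    per_user = defaultdict(list)
    for line in filter(str.strip, log.splitlines()):
        ev = parse_event(line)
        svc = ev.get("ServiceName", "")
        if ev.get("EventID") != "4769":
            continue
        # Machine accounts (trailing $) and krbtgt are normal ticket traffic.
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue
        if int(ev.get("TicketEncryptionType", "0"), 16) != RC4_HMAC:
            continue
        per_user[ev["TargetUserName"]].append((ev["time"], svc))

    hits = {}
    for user, reqs in per_user.items():
        reqs.sort()
        for i, (start, _) in enumerate(reqs):
            services = {s for t, s in reqs[i:] if t - start <= window}
            if len(services) >= min_services:
                hits[user] = sorted(services)
                break
    return hits
```

Tune min_services and window to the environment; a domain that still issues RC4 tickets routinely will need a higher threshold or an allowlist of known requesters.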
