Ctrlk

Kerberoasting

Attack

https://medium.com/@Shorty420/kerberoasting-9108477279cc

If we have domain creds, we can request a TGT - we get TGT, request TGS - KDC will send back TGS (this is what we need, includes hash of services account)

GetUserSPNs.py

$ python GetUserSPNs.py [domain]/[username]:[password] -dc-ip [dc-ip] -request

Defense

Strong Passwords

Least Privilege

PreviousPass Attacks NextToken Impersonation

Last updated 4 days ago