Kerberoasting
Several tools can be utilized to perform the attack:
Impacket’s GetUserSPNs.py from a non-domain joined Linux host.
A combination of the built-in setspn.exe Windows binary, PowerShell, and Mimikatz.
From Windows, utilizing tools such as PowerView, Rubeus, and other PowerShell scripts.
A prerequisite to performing Kerberoasting attacks is either domain user credentials (cleartext or just an NTLM hash if using Impacket), a shell in the context of a domain user, or an account such as SYSTEM. Once we have this level of access, we can start. We must also know which host in the domain is a Domain Controller so we can query it.