Kerberoasting is an attack that involves requesting service tickets for service accounts from a Kerberos service, extracting the service tickets, and attempting to crack them offline to retrieve the plaintext passwords.
Understanding Kerberoasting:
Purpose: To obtain service account passwords by cracking the encrypted service tickets (TGS tickets) offline.
Service Principal Names (SPNs): SPNs are used in Kerberos authentication to uniquely identify a service instance.
Command Breakdown:
setspn.exe -Q /: This command queries all SPNs in the domain.
Use Case: Identifying accounts with SPNs that can be targeted for Kerberoasting.
Kerberoasting Steps:
Identify SPNs: Use setspn.exe to list service accounts with SPNs.
Request TGS Tickets: Request TGS tickets for the identified SPNs.
Extract Tickets: Use tools like Mimikatz to extract the service tickets.
Crack Tickets: Use password cracking tools like Hashcat to crack the extracted tickets offline.
References from Pentesting Literature:
Kerberoasting is a well-documented attack method in penetration testing guides, specifically targeting service accounts in Active Directory environments.
HTB write-ups often detail the use of Kerberoasting for gaining credentials from service accounts.
Step-by-Step ExplanationReferences:
Penetration Testing - A Hands-on Introduction to Hacking
HTB Official Writeups
=================
