🐕‍🦺 Attacking Kerberos

https://tryhackme.com/room/attackingkerberos

Enumeration w/ Kerbrute

Start by enumerating with kerbrute:

./kerbrute userenum --dc CONTROLLER.local -d CONTROLLER.local User.txt

Harvesting & Brute-Forcing Tickets w/ Rubeus

Rubeus.exe harvest /interval:30

Rubeus can both brute-force passwords and password-spray user accounts. When brute-forcing, you use a single user account and a wordlist of passwords to see which password works for that account. When password spraying, you try a single password, such as Password1, against all user accounts found in the domain:

Rubeus.exe brute /password:Password1 /noticket

Kerberoasting w/ Rubeus & Impacket

Kerberoasting allows a user to request a service ticket for any service with a registered SPN and then use that ticket to crack the service password. Any service with a registered SPN can be Kerberoastable; however, the success of the attack depends on how strong the password is, whether it is crackable, and the privileges of the cracked service account. To enumerate Kerberoastable accounts, I would suggest a tool like BloodHound: it finds all Kerberoastable accounts and shows what kind of accounts they are, whether they are domain admins, and what connections they have to the rest of the domain.

Rubeus.exe kerberoast
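
On the detection side, the service-ticket requests described above appear on the domain controller as Security event 4769. The following is an added example, not part of the original notes: it flags accounts that successfully request RC4 (0x17) tickets for several distinct service accounts. The sample events, account names and threshold are constructed assumptions.

```python
from collections import defaultdict

RC4_HMAC = 0x17  # Kerberos etype 23; RC4 service tickets are the usual Kerberoasting indicator

def ev(user, service, etype, status="0x0"):
    """Build a constructed 4769 record using the real event's field names."""
    return {"EventID": 4769, "TargetUserName": f"{user}@CONTROLLER.LOCAL",
            "ServiceName": service, "TicketEncryptionType": etype, "Status": status}

# Constructed sample data (not real logs); account and service names are made up.
SAMPLE_EVENTS = [
    ev("alice", "svc-sql", "0x12"),          # normal AES256 ticket
    ev("alice", "svc-http", "0x17"),         # single RC4 request: below threshold
    ev("bob", "svc-sql", "0x17"),
    ev("bob", "svc-http", "0x17"),
    ev("bob", "svc-backup", "0x17"),         # bob: three distinct services over RC4
    ev("bob", "krbtgt", "0x17"),             # ignored: not a service account ticket
    ev("WKSTN-1$", "svc-sql", "0x17"),       # ignored: machine account requester
    ev("carol", "svc-sql", "0x17", "0x1b"),  # ignored: request failed
]

def find_kerberoast_candidates(events, min_services=3):
    """Return {requester: sorted service names} for user accounts that obtained
    RC4 tickets for at least min_services distinct service accounts."""
    seen = defaultdict(set)
    for e in events:
        if e.get("EventID") != 4769 or e.get("Status") != "0x0":
            continue  # only successful service ticket requests
        if int(e.get("TicketEncryptionType", "0"), 16) != RC4_HMAC:
            continue  # AES tickets are the expected default
        service = e.get("ServiceName", "")
        if service.endswith("$") or service.lower() == "krbtgt":
            continue  # skip machine accounts and the TGS itself
        requester = e.get("TargetUserName", "").split("@")[0].lower()
        if requester.endswith("$"):
            continue  # machine accounts request many tickets legitimately
        seen[requester].add(service)
    return {u: sorted(s) for u, s in seen.items() if len(s) >= min_services}

if __name__ == "__main__":
    for user, services in find_kerberoast_candidates(SAMPLE_EVENTS).items():
        print(f"possible Kerberoasting by {user}: {', '.join(services)}")
```

Tune `min_services` to the environment. Because success depends on password strength, long random passwords on SPN accounts remain the primary mitigation.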
