Test for Kerberoasting
checklist
Summary
Requires valid creds; prioritize accounts in privileged groups.
Walkthrough
Request service tickets for SPN-enabled accounts and dump them for offline cracking. A hit yields a $krb5tgs$ hash that may crack to a service-account password.
Commands
bash
netexec ldap <IP> -u <USER> -p '<PASS>' --kerberoasting hashes.txt