From the course: Complete Guide to Penetration Testing


Carry out a Kerberos roasting

- [Instructor] One of the account options in Active Directory does not require Kerberos pre-authentication. If this is set, we can use the Impacket exploit GetNPUsers to extract the authentication details. We can run this even without domain access. We've got Impacket installed already, so let's run this against our Active Directory server and see if anyone has this attribute set, cd /usr/share/doc/python3-impacket/examples, and we'll run python3 GetNPUsers.py and our domain is cybex. dc-ip is 192.168.1.199. Our usersfile, I've set up in my home directory in a file called unames, and we'll produce a file in hashcat format minus format hashcat. And we very quickly get nstove07's password hash returned. I've already stored that in a file called nhash, so let's run that through John the Ripper. I go back to my home directory and john nhash minus minus wordlist equals /usr/share/wordlists/rockyou.txt. And we very quickly get nstove07's password of password01.
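
For defenders, the account option described in the transcript is the DONT_REQ_PREAUTH bit (0x400000) of `userAccountControl`, and a ticket issued to such an account is logged as event 4768 with pre-authentication type 0. The following is an added example, not part of the course: it audits a constructed LDIF export and constructed 4768 records. The domain, account names, IP addresses and function names are hypothetical, and the LDIF is assumed to have no folded or base64-encoded lines.

```python
# userAccountControl bit flags (values documented by Microsoft)
ACCOUNTDISABLE = 0x0002
DONT_REQ_PREAUTH = 0x400000

# Constructed LDIF export (sample data, hypothetical domain and accounts)
SAMPLE_LDIF = """\
dn: CN=Alice Admin,CN=Users,DC=example,DC=local
sAMAccountName: aadmin
userAccountControl: 512

dn: CN=Svc Legacy,CN=Users,DC=example,DC=local
sAMAccountName: svc_legacy
userAccountControl: 4194816

dn: CN=Old Temp,CN=Users,DC=example,DC=local
sAMAccountName: oldtemp
userAccountControl: 4194818
"""

# Constructed event 4768 records, reduced to the fields used here
SAMPLE_EVENTS = [
    {"EventID": 4768, "TargetUserName": "aadmin", "PreAuthType": "2", "IpAddress": "10.0.0.15"},
    {"EventID": 4768, "TargetUserName": "svc_legacy", "PreAuthType": "0", "IpAddress": "10.0.0.77"},
]

def parse_ldif(text):
    """Split an LDIF export into one attribute dict per entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(": ") for line in block.splitlines())
        entries.append({key: value for key, sep, value in pairs if sep})
    return entries

def accounts_without_preauth(entries):
    """Names of enabled accounts with DONT_REQ_PREAUTH set in userAccountControl."""
    flagged = []
    for entry in entries:
        uac = int(entry.get("userAccountControl", 0))
        if uac & DONT_REQ_PREAUTH and not uac & ACCOUNTDISABLE:
            flagged.append(entry["sAMAccountName"])
    return flagged

def tgt_requests_without_preauth(events):
    """(user, source IP) for each TGT request served without pre-authentication."""
    return [(ev["TargetUserName"], ev["IpAddress"]) for ev in events
            if ev["EventID"] == 4768 and ev["PreAuthType"] == "0"]

if __name__ == "__main__":
    print(accounts_without_preauth(parse_ldif(SAMPLE_LDIF)))
    print(tgt_requests_without_preauth(SAMPLE_EVENTS))
```

Accounts the audit flags should have pre-authentication re-enabled where possible; the disabled account is skipped here but carries the same flag and would be exposed if re-enabled.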
