Targeted Kerberoasting

The above technique can be used if we have any of the below access rights over the target.

The rights GenericWrite, WriteProperty or Validated-SPN over the target.

Below an explanation from the repository.

... for each user without SPNs, it tries to set one (abuse of a write permission on the servicePrincipalName attribute), print the "kerberoast" hash, and delete the temporary SPN set for that operation. This is called targeted Kerberoasting.

python3 ~/tools/ad/targetedKerberoast/targetedKerberoast.py -v -d 'offsec.local' -u 'controlledUser' -p 'password'

GitHub - ShutdownRepo/targetedKerberoast: Kerberoast with ACL abuse capabilitiesGitHub

PreviousShadow Credentials

Last updated 1 year ago