targetedKerberoast: Kerberoast with ACL abuse capabilities
targetedKerberoast
targetedKerberoast is a Python script that can, like many others (e.g. GetUserSPNs.py), print “kerberoast” hashes for user accounts that have an SPN set. This tool brings the following additional feature: for each user without SPNs, it tries to set one (abuse of write permission on the servicePrincipalName attribute), print the “kerberoast” hash, and delete the temporary SPN set for that operation. This is called targeted Kerberoasting. This tool can be used against all users of a domain or supplied in a list, or one user-supplied in the CLI.
Install
git clone https://github.com/ShutdownRepo/targetedKerberoast.git
pip install -r requirements.txt
Use
This tool supports the following authentications
- (NTLM) Cleartext password
- (NTLM) Pass-the-hash
- (Kerberos) Cleartext password
- (Kerberos) Pass-the-key / Overpass-the-hash
- (Kerberos) Pass-the-cache (type of Pass-the-ticket)
Source: https://github.com/ShutdownRepo/