
Kerberoasting : An AD Attack

  • Writer: Strider Gearhead
  • Jul 9, 2023

OVERVIEW:

The diagram given below shows how Kerberos works.

As the diagram shows, the user will:

[Diagram: Kerberoasting Working]

  1. Request a TGT (Ticket Granting Ticket) from the Domain Controller and, to authenticate itself, provide its NTLM hash.

  2. The Domain Controller authenticates the user, and the user receives the TGT (Ticket Granting Ticket), which is encrypted with the krbtgt account's hash.

  3. The user then requests a TGS (Ticket Granting Service ticket) for the target server from the Domain Controller, presenting its TGT (Ticket Granting Ticket) in the request.

  4. The user receives from the Domain Controller the TGS (Ticket Granting Service ticket), which is encrypted with the server's account hash.

  5. The user presents the TGS (Ticket Granting Service ticket), encrypted with the server's account hash, to the service.

  6. The application server authenticates the user by decrypting the TGS with its own account hash and sends the response back to the user.

Steps 5 and 6 are not important for Kerberoasting, but understanding why they happen completes the picture.
Kerberoasting stops at step 4.

Step 1: Get SPNs (Service Principal Names), Dump Hash
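The TGS request in step 4 is the part of this flow a defender can see: the Domain Controller logs it as Security Event 4769. As an added example (not from the original post), the Python below runs a simple Kerberoasting heuristic over constructed 4769 records: one account requesting many distinct service-account SPNs in a short window, or requesting RC4-encrypted (etype 0x17) tickets. The record field names and the sample events are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = 0x17            # etype 0x17 = RC4-HMAC; the cheapest ticket to crack offline
SPN_THRESHOLD = 3          # distinct service accounts per user per window
WINDOW = timedelta(minutes=5)

# Constructed sample Event 4769 records (assumed field names, not real log data).
EVENTS = [
    {"time": "2023-07-09T10:00:01", "user": "alice", "service": "sql_svc", "etype": 0x17},
    {"time": "2023-07-09T10:00:02", "user": "alice", "service": "http_svc", "etype": 0x17},
    {"time": "2023-07-09T10:00:03", "user": "alice", "service": "backup_svc", "etype": 0x17},
    {"time": "2023-07-09T10:00:04", "user": "alice", "service": "SRV01$", "etype": 0x12},
    {"time": "2023-07-09T11:30:00", "user": "bob", "service": "sql_svc", "etype": 0x12},
    {"time": "2023-07-09T12:00:00", "user": "carol", "service": "legacyapp", "etype": 0x17},
]

def is_crackable_target(service):
    # Machine accounts (ending in '$') have long random passwords; Kerberoasting
    # targets user accounts that carry an SPN, whose passwords a human chose.
    return not service.endswith("$")

def find_kerberoasting(events, spn_threshold=SPN_THRESHOLD, window=WINDOW):
    """Return {user: {"services": [...], "reasons": [...]}} for suspicious requesters."""
    per_user = defaultdict(list)
    for e in events:
        if is_crackable_target(e["service"]):
            per_user[e["user"]].append((datetime.fromisoformat(e["time"]), e["service"], e["etype"]))
    findings = {}
    for user, reqs in per_user.items():
        reqs.sort()                      # chronological, so each burst looks forward in time
        reasons, services = set(), set()
        for i, (t0, _, _) in enumerate(reqs):
            burst = [r for r in reqs[i:] if r[0] - t0 <= window]
            if len({s for _, s, _ in burst}) >= spn_threshold:
                reasons.add("many SPNs in %d min" % (window.seconds // 60))
                services.update(s for _, s, _ in burst)
        for _, s, et in reqs:            # RC4 tickets for service accounts are suspicious on their own
            if et == RC4_HMAC:
                reasons.add("RC4 ticket requested")
                services.add(s)
        if reasons:
            findings[user] = {"services": sorted(services), "reasons": sorted(reasons)}
    return findings

if __name__ == "__main__":
    for user, f in find_kerberoasting(EVENTS).items():
        print(user, f["reasons"], f["services"])
```

The machine account SRV01$ is dropped before scoring, so only the three human-managed service accounts count against alice; carol is flagged solely for the RC4 ticket, which on a real network should be checked against legacy clients before escalating.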


If you want to read the full blog, click here.
