https://leikah.haoyingcao.xyz/en/tags/kerberoasting/Recent content in Kerberoasting on LEIKAHHugoenhttps://leikah.haoyingcao.xyz/en/docs/active_directory/movement/kerberos/kerberoast/Mon, 01 Jan 0001 00:00:00 +0000https://leikah.haoyingcao.xyz/en/docs/active_directory/movement/kerberos/kerberoast/<p>Kerberoasting is a privilege escalation technique for Active Directory credited to security researcher Tim Medin, who presented the attack back in 2014. The attack targets domain accounts with <strong>Service Principal Names (SPN)</strong>, which are unique identifiers that Kerberos uses to map a service to a domain service account in whose context the service is running.</p> <h2 id="theory">Theory<a class="td-heading-self-link" href="#theory" aria-label="Heading self-link"></a></h2> <p>Once the user completes pre-authentication, the Kerberos KDC (Key Distribution Center) issues the user a Ticket Granting Ticket (TGT). The user can then use the TGT to obtain a <strong>service ticket</strong> from the Ticket Granting Service (TGS) at the KDC. The service ticket is issued for a particular service principal, whose password hash is used to encrypt the service ticket. Users can then use the service ticket to authenticate to the service principal to access the service.</p>