• caglararli@hotmail.com
  • 05386281520

How to crack AES-based Kerberos TGS tickets (Kerberoasting)?

Çağlar Arlı      -    24 Views

How to crack AES-based Kerberos TGS tickets (Kerberoasting)?

All material I can find is related to RC4-based Kerberos TGS tickets, since these are easier to crack to obtain the service account's password.

However, I want to attempt to crack AES-based Kerberos TGS tickets using a short wordlist.

Looking at Hashcat, it only supports etype23, which is rc4-hmac (deprecated)

Kerberos Parameters

Anyone with experience?

TYPE: Kerberos 5 TGS-REP etype 23
HASH: $krb5tgs$23$*user$realm$test/spn*$b548e10f5694ae018d7ad63c257af7dc$35e8e45658860bc31a859b41a08989265f4ef8afd75652
ab4d7a30ef151bf6350d879ae189a8cb769e01fa573c6315232b37e4bcad9105520640a781e5fd85c09615e78267e494f433f067cc6958200a82f70
627ce0eebc2ac445729c2a8a0255dc3ede2c4973d2d93ac8c1a56b26444df300cb93045d05ff2326affaa3ae97f5cd866c14b78a459f0933a550e0b
6507bf8af27c2391ef69fbdd649dd059a4b9ae2440edd96c82479645ccdb06bae0eead3b7f639178a90cf24d9a