Distinguished Name and Service Principal Name attributes of the target object after the setSpn option is selected. http/whatever is added to the servicePrincipalName attribute or not. GetUserSPNs.py and john (or whatever you are using), the password of the target user will be obtained.

addAsRepRoasting option and specify the Distinguished Name of the target object. GetNPUsers.py we can list and get TGTs in the John The Ripper format for cracking.

Distinguished Name of target computers, use the searchHost option. So that the DN attribute value of the sec560student computer is obtained by typing sec.

addUnconstrained option, Trust this computer for delegation to any service (Kerberos only) can be set for Delegation.

The addConstrained option can be used to modify a user account for the constrained Kerberos delegation attack. For example, the cn=test user,cn=Users,dc=kandemir,dc=local user account can be delegated to access the HOST service of a Domain Controller (another computer account could be selected too).

The addConstrained option can be used to modify a computer account to which access has been obtained with local administrator privilege (high mandatory level) for the constrained Kerberos delegation attack. For example, the CN=SEC560STUDENT,CN=Computers,DC=kandemir,DC=local computer account can be delegated to access the HOST service of a Domain Controller (another computer account could be selected too).
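
The options above change servicePrincipalName, the pre-authentication and delegation bits of userAccountControl, and the constrained-delegation target list (msDS-AllowedToDelegateTo). As an added example (not part of the tool or its documentation), the following Python code audits exported directory entries for those changes. The entry layout, the DC01 and "roast me" objects and all attribute values are constructed assumptions.

```python
# Defender-side audit of the attributes changed by the options described above.
# Every entry in SAMPLE is constructed sample data, not real directory output.

UF_NORMAL_ACCOUNT = 0x0200            # ordinary user account
UF_WORKSTATION_TRUST = 0x1000         # member computer account
UF_SERVER_TRUST = 0x2000              # domain controller account
UF_TRUSTED_FOR_DELEGATION = 0x80000   # "Trust ... to any service (Kerberos only)"
UF_DONT_REQUIRE_PREAUTH = 0x400000    # Kerberos pre-authentication not required


def audit_entry(entry):
    """Return a sorted list of finding labels for one directory entry (dict)."""
    uac = int(entry.get("userAccountControl", 0))
    findings = set()
    # An SPN on a user account means service tickets are encrypted with a
    # password-derived key, so the password can be attacked offline.
    if uac & UF_NORMAL_ACCOUNT and entry.get("servicePrincipalName"):
        findings.add("user-with-spn")
    if uac & UF_DONT_REQUIRE_PREAUTH:
        findings.add("no-preauth")
    # Domain controllers carry this flag by default; report everything else.
    if uac & UF_TRUSTED_FOR_DELEGATION and not uac & UF_SERVER_TRUST:
        findings.add("unconstrained-delegation")
    if entry.get("msDS-AllowedToDelegateTo"):
        findings.add("constrained-delegation")
    return sorted(findings)


def audit(entries):
    """Map DN -> findings, omitting entries with nothing to report."""
    return {e["dn"]: f for e in entries if (f := audit_entry(e))}


SAMPLE = [  # constructed; DNs reuse the examples in the text where possible
    {"dn": "cn=test user,cn=Users,dc=kandemir,dc=local",
     "userAccountControl": UF_NORMAL_ACCOUNT,
     "servicePrincipalName": ["http/whatever"],
     "msDS-AllowedToDelegateTo": ["HOST/dc01.kandemir.local"]},
    {"dn": "CN=SEC560STUDENT,CN=Computers,DC=kandemir,DC=local",
     "userAccountControl": UF_WORKSTATION_TRUST | UF_TRUSTED_FOR_DELEGATION,
     "servicePrincipalName": ["HOST/sec560student"]},
    {"dn": "cn=roast me,cn=Users,dc=kandemir,dc=local",
     "userAccountControl": UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH},
    {"dn": "CN=DC01,OU=Domain Controllers,DC=kandemir,DC=local",
     "userAccountControl": UF_SERVER_TRUST | UF_TRUSTED_FOR_DELEGATION},
]

if __name__ == "__main__":
    for dn, findings in audit(SAMPLE).items():
        print(f"{dn}: {', '.join(findings)}")
```

Comparing the result against a known-good baseline of service and delegation accounts separates expected entries from newly modified ones.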