Learn Active Directory Kerberoasting
ฝัง
- เผยแพร่เมื่อ 5 ก.ย. 2024
- jh.live/altere... || Learn on-premise Active Directory & Azure Active Directory penetration testing and get certified with Altered Security! jh.live/altere...
🔥 TH-cam ALGORITHM ➡ Like, Comment, & Subscribe!
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/discord ↔ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
![[Attack]tive Directory: Compromising a Network in 20 Minutes Through Active Directory](/img/n.gif)
This guy is unstoppable, never misses a video, so damn consistent,❤
as a CRTE and CARTP holder, im glad to see alteredsec sponsoring the video. hopefully we'll see the certs appear on more job posting.
So by just getting a user on a domain you can get the TGT and TGS from the domain controller,cos it sees you as an authenticated user on the system..
Mostly amazed by the absence of any huge walls of red text when powershell encounters some syntax error
Thanks. I have done kerberoasting before but never understood what I was doing at this level. Super cool stuff.
So this is why you've been asking twitter for the password? 😂
😂😂😂😂😂
It's amazing how a 22 minute video about kerberoasting only has about 2 minutes worth of kerberoasting
I’m sayin😂
Good stuff John. Thanks.
I still miss the honey badger video :(
I was contemplating sending a secret message to kelly ripa on X saying that I learned that she was basically on soultrain from Questlove.
Great job...greetings from italy
Great video man!
Simply amazing!!!
Question. When you are enumerating the SPNs are the ones that are vulnerable the user must have access to correct? So if the HTTP SPN was vulnerable but the user did not have access to it they would not be able to get that TGS right?
SPNs are not hidden. Everyone has access to them.
I understand that. But not everyone has access to request the tgs correct? I.e sql server. Not everyone can get this ticket as only privileged accounts should be able to access it so the attacker would need to compromise this type of account. but if the compromised account was a normal user and requested the tgs wouldn’t it be not granted correct..?
Everyone can request a TGS, Domain Controller only provides Security Info about the user (PAC), it's up to the Service Account itself to check the user's rights in the TGS.
The Security concern here is that DC use a piece of the secret of the requested service to encrypt the TGS which can be later used to brute force/crack the password.
Awesome content 👏
So many of these attacks rely on already having domain admin or schema admin, or assume that the IT staff is hopelessly incompetent.
They often are
No, domain admin and schema admin are not required for Kerberoasting. Those were just used to set up an SPN in AD so that he had something to attack. The actual Kerberoasting was just the last 2 minutes of the video.
@@BrownCoatFanThanks
And there are plenty of incompetent AD admins out there .
Finally man
Any valid coupons for CRT? :)
thanks 👍
What windows server version did you use ?
@hammond
What OS do run on your baremetal ?
Most likely either a MacOS or an SE Linux distro
🔥🔥🔥🔥🔥
That's crazy - how does a typical AD setup prevent this? Is there some other system/service in place that prevents you obtaining hashes in the first place, or is it more so a matter of good password strength policies so that something like John can't crack the hashes as easily?
Yes, use a very long (25 characters) and complex password.
Prefer GMSA if your App/System supports it. If not, a long, very complex password could help...
@@NawdiralgMSAs are so nice. Password lifetime of 24hrs and with length of 120chars. Also, they do not pretend to be user accounts.
Use excalidraw next time 😂
Alh4zr3d, is it you 🤨🤭😅🥳
It is a shame there's no easy way to snapshot an AD, no?
😃 🚀 ❤️
first
👑 here's your crown
@@baxsmthanks bud
Frist hehe
You know, talking this fast, you're not really teaching anything as much as blowing through content that isn't digestible by people.
I like you, but this one was a weak video. The whole scripting thing is way too much to "learn Active Directory Kerberoasting".
i mean .... yeah; with domain admin privileges anything is possible. So? Thats like saying "root bad! root evil!". Yes. Yes, it is. Very. Much more than you can imagine. So?
Kerberoasting is done from any low privilege domain user. We used the domain user account "Alice".
Every time I watch @johnhammond I just feel like an idiot, so unworthy 😞
I actively despise AD and I don't even have a logical reason for it. just gut feeling.
Pretty useless information if you have a minimum requirement of at least 13 characters with good complexity , a good EDR installed etc.....
@hammond
What OS do run on your baremetal ?
If you mean OS running on his real machine then it's Windows 10