# Kerberoasting
Kerberoasting is an attack in which a service ticket is used to brute-force a service account's password. That password can then be used either to move laterally or, if the service runs with elevated privileges, to escalate privileges. Not every account is kerberoastable; the Kali Linux tool BloodHound can be used to identify potentially kerberoastable accounts.
## Impacket
![[Kerberoasting with Impacket]]
## Rubeus
![[Kerberoasting with Rubeus]]
## Invoke-Kerberoast
The [`Invoke-Kerberoast`](https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1) PowerShell module can be used to create a dump of service tickets that can then be attacked offline using [[Hashcat]] or [[John the Ripper]]. Note that calling `Out-File` with the `-Width 8000` option is important in the example below, as otherwise the ticket can be truncated.
```powershell
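# $FILE_PATH is the destination file for the dumped hashes.
# -Width 8000 keeps each long hash on one line instead of truncating it.
Invoke-Kerberoast -OutputFormat Hashcat |
    Select-Object Hash |
    Out-File -FilePath "$FILE_PATH" -Width 8000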
```
## Defenses
The main defenses against kerberoasting are (1) strong passwords and (2) making sure you're not running any services as domain admin (which you shouldn't need to do in this day and age anyway).
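
An audit for the two defenses above, as an added example that is not part of the original note: it lists enabled user accounts that carry an SPN, flags any that are members of Domain Admins, and reports password age. It assumes the RSAT ActiveDirectory module, the default English group name `Domain Admins`, and a 365-day review threshold chosen for illustration; password age is only a proxy, since password strength cannot be read from the directory.

```powershell
# Added example: audit user accounts that carry an SPN (the kerberoastable set).
# Requires the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# Assumption: passwords older than this many days are worth reviewing.
$MaxPasswordAgeDays = 365

# Distinguished names of every direct or nested member of Domain Admins.
# Assumption: the group has its default English name.
$domainAdminDns = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object -ExpandProperty distinguishedName

# Enabled user accounts with at least one servicePrincipalName.
# krbtgt has an SPN but is disabled, so the Enabled filter excludes it.
$spnAccounts = Get-ADUser -Filter 'ServicePrincipalName -like "*" -and Enabled -eq $true' `
    -Properties ServicePrincipalName, PasswordLastSet, PasswordNeverExpires

$report = foreach ($account in $spnAccounts) {
    # PasswordLastSet is empty when the password must change at next logon.
    $ageDays = if ($account.PasswordLastSet) {
        [int]((Get-Date) - $account.PasswordLastSet).TotalDays
    } else { $null }

    [pscustomobject]@{
        SamAccountName       = $account.SamAccountName
        IsDomainAdmin        = $domainAdminDns -contains $account.DistinguishedName
        PasswordAgeDays      = $ageDays
        PasswordNeverExpires = $account.PasswordNeverExpires
        StalePassword        = ($null -ne $ageDays -and $ageDays -gt $MaxPasswordAgeDays)
        SPNs                 = $account.ServicePrincipalName -join '; '
    }
}

# Domain admins first, then oldest passwords.
$report |
    Sort-Object -Property @{Expression = 'IsDomainAdmin'; Descending = $true},
                          @{Expression = 'PasswordAgeDays'; Descending = $true} |
    Format-Table -AutoSize -Wrap
```

Any row with `IsDomainAdmin` set to `True` is a service account that should be moved to a lower-privileged identity; rows with `StalePassword` set are candidates for a password rotation.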