Kerberoasting

I still can’t get a ticket from SAPService. It just gets stuck at the initial output, then I’d get this broken pipe and get disconnected from the Parrot attack machine (even the SSH login process is laggy).
Using the HTB VM is also the same: laggy/slow SSH login process, broken pipe, timed out.

Thank you! When you work on a module over the course of several days this info gets lost sometimes :)

Am I missing something here?

To carry out a Kerberoasting attack, you need:

  • Domain user credentials: These can be in clear text or as NTLM hash (if you are using Impacket).
  • Access to a shell in the context of a domain user or access as SYSTEM.
  • Know the host of the Domain Controller to perform queries.

In the PoC, the user, domain, IP and password are shown (sudo crackmapexec smb 172.16.5.5 -u sqldev -p database!). Replicate the PoC with this background information.

GetUserSPNs.py -dc-ip 172.16.5.5 INLANEFREIGHT.LOCAL/SAPService

Submit the CN

Thank you! → /module/143/section/1269

Try to use the command without -outputfile filename