kerberos live roast command

What it does

Performs kerberoast/spnroast attack using the credentials of the current user

Remarks

This is a one-shot get all command, but it does not have control over the encryption type of the resulting TGS tickets. For that you'd need to use the normal spnroast command

Requirements

The command must be executed on a domain-joined machine with the context of a domain user.

Subcommands

None

Switches

-o: Writes the TGS to file in hashcat format

Examples

pypykatz live kerberos roast: Performs kerberoast

Home

Wiki

Live commands

lsa
kerberos
- currentluid
- roast
- tgt
- apreq
- purge
- sessions
- dump
- triage
smbapi
- share
- session
- localgroup
users
token
process
dpapi
- keys
- vpol
- vcred
- cred
- blob
- blobfile
- securestring
- securestringfile
- wifi
smb
- client
- shareenum
- lsassdump
- regdump
- dcsync
- secretsdump
ldap
- client

Platform-independent commands

lsa
- minidump
registry
crypto
- nt
- lm
- dcc
- dcc2
- gppass
kerberos
- tgt
- tgs
- brute
- asreproast
- spnroast (aka. kerberoast)
- s4u
- keytab
- kirbi
- ccache
  - list
  - del
  - roast
  - loadkirbi
  - exportkirbi
dpapi
- prekey
- minidump
- masterkey
- blob
- securestring
- credential
- vpol
- vcred
smb
- client
- lsassfile
- lsassdump
- regfile
- regdump
- dcsync
- secretsdump
- shareenum
ldap
- client

ConnectionURL

ConnectionURL

Provide feedback

Saved searches

Use saved searches to filter your results more quickly