A little bit of explanation on Kerberos and Impacket


In this post, I would like to share my knowledge of Kerberos, which we will work with through the Impacket scripts.


For those who are not familiar with Kerberos, it is a network authentication protocol in which a trusted third party (the Key Distribution Center) vouches for the identity of clients and services, so that trusted hosts can authenticate each other's service requests over an untrusted network such as the internet. Microsoft has used Kerberos as the default authentication method in the Windows Operating System since Windows 2000.
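To make the three exchanges behind that sentence concrete, here is an added example that is not code from the original post or from the Impacket project: a toy, stdlib-only Python model of the Authentication Service (AS), Ticket-Granting Service (TGS) and Application (AP) steps. The realm, principal names and passwords are constructed for the demo, and the string-to-key function and the sealed-JSON cipher are simplified stand-ins, not the real Kerberos encryption types. What it does show faithfully is where each check happens: the wrong password fails at pre-authentication, only the KDC can open a TGT, and only the service can open its own ticket.

```python
import hashlib, hmac, json, os, time

# Toy Kerberos exchange (AS, TGS and AP steps) with a stdlib-only
# authenticated cipher. Realm, names and passwords are constructed for
# the demo; the cipher and string-to-key are NOT the real Kerberos ones.
REALM = "EXAMPLE.LOCAL"
MAX_SKEW = 300      # seconds an authenticator timestamp may drift
LIFETIME = 3600     # ticket lifetime in seconds


def string_to_key(password: str, principal: str) -> bytes:
    """Toy string-to-key: derive a long-term key from a password (PBKDF2, not RFC 3962)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 10_000)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(p ^ s for p, s in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag, then decrypt. A wrong key (e.g. a wrong password) fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Holds every principal's long-term key; issues TGTs (AS) and service tickets (TGS)."""

    def __init__(self, passwords: dict):
        self.keys = {p: string_to_key(pw, p) for p, pw in passwords.items()}

    def as_exchange(self, client: str, pre_auth: bytes):
        """AS-REQ/AS-REP: pre_auth is a timestamp sealed under the client's long-term key."""
        ts = unseal(self.keys[client], pre_auth)["timestamp"]  # proves knowledge of the password
        if abs(time.time() - ts) > MAX_SKEW:
            raise ValueError("pre-auth timestamp outside allowed clock skew")
        session = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": client, "session": session,
                                         "expires": time.time() + LIFETIME})
        return tgt, seal(self.keys[client], {"session": session})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        """TGS-REQ/TGS-REP: the TGT is readable only by the KDC (krbtgt key)."""
        body = unseal(self.keys["krbtgt"], tgt)
        if time.time() > body["expires"]:
            raise ValueError("TGT expired")
        auth = unseal(bytes.fromhex(body["session"]), authenticator)
        if auth["client"] != body["client"]:
            raise ValueError("authenticator does not match TGT")
        svc_session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": body["client"], "session": svc_session,
                                           "expires": time.time() + LIFETIME})
        return ticket, seal(bytes.fromhex(body["session"]), {"session": svc_session})


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    """AP-REQ check on the service side: returns the authenticated client name."""
    body = unseal(service_key, ticket)          # only the service can open its own ticket
    if time.time() > body["expires"]:
        raise ValueError("service ticket expired")
    auth = unseal(bytes.fromhex(body["session"]), authenticator)
    if auth["client"] != body["client"] or abs(time.time() - auth["timestamp"]) > MAX_SKEW:
        raise ValueError("bad authenticator")
    return body["client"]


def demo_login(client_password: str, client: str = "alice", service: str = "cifs/fileserver") -> str:
    """Full client flow AS -> TGS -> AP. Raises ValueError when the password is wrong."""
    kdc = KDC({"krbtgt": "kdc-master-secret", "alice": "correct horse battery",
               "cifs/fileserver": "file-server-long-term-secret"})   # constructed demo secrets
    client_key = string_to_key(client_password, client)               # what the client knows
    tgt, enc_part = kdc.as_exchange(client, seal(client_key, {"timestamp": time.time()}))
    tgt_session = bytes.fromhex(unseal(client_key, enc_part)["session"])
    authenticator = seal(tgt_session, {"client": client, "timestamp": time.time()})
    ticket, enc_part = kdc.tgs_exchange(tgt, authenticator, service)
    svc_session = bytes.fromhex(unseal(tgt_session, enc_part)["session"])
    authenticator = seal(svc_session, {"client": client, "timestamp": time.time()})
    return service_accept(kdc.keys[service], ticket, authenticator)


def password_accepted(client_password: str) -> bool:
    """True when the whole flow completes, False when any Kerberos check rejects it."""
    try:
        demo_login(client_password)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("service authenticated:", demo_login("correct horse battery"))
```

Two things worth noticing when you run it: the client never sends its password anywhere, only a timestamp sealed under the key derived from it, and the service never talks to the KDC at the AP step at all, since its own long-term key is enough to open the ticket. That second point is why possession of a valid ticket file is all a client needs to authenticate for the ticket's lifetime.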


Kerberos tooling is normally used from a Windows machine, but here I will demonstrate it using the Impacket scripts, which can be found over here.


Impacket can also be installed on our machine with the command:

python3 -m pip install impacket

Screenshot Resource for the Demonstration


The screenshot above was taken from the Scrambled machine, which runs the Windows Operating System and can be found over here. For those who don't know about it, Scrambled is a retired machine that can be played on the HackTheBox platform.

Enumerating the Scrambled machine with the Impacket tools


Before we connect to the SMB service on the machine, let's request a ticket with impacket-getTGT.


We managed to access it via the smbclient script.


I noticed that there is a PDF file called Network Security Changes.


Let's download the file to our attacking machine.


Nothing looks interesting in the PDF file.


Let's find the password hash and crack it with John the Ripper, which gives the password Pegasus60.


Let's run secretsdump against the machine using the command above.


Next, let's create another ticket, but we need to find an NT hash first.


Once the ticket request has completed, the ticket is saved to Administrator.ccache.


We can also run mssqlclient to enumerate even further.