Yesterday, 11:55 AM
(Yesterday, 12:49 AM)Chick3nman Wrote: This doesn't look like a hashcat issue, given that you also mentioned you were unable to crack it with JTR.
4. Made sure password is correct on account.
Are you sure that the password is set and the hash should match for that specific SPN? Have you tried capturing the hash a few more times and trying to crack those? Or perhaps changing the password again and recapturing?
I just double checked the password is the specified one.
I just tried to change it like you said, then changed it back multiple times, was unable to crack either of the very simple passwords. I also rebooted the domain controller. No dice.
Are you able to crack the above specified hash?
I am Kerberoasting an up to date Windows Server 2022, but that should not affect the hash right?
During Kerberoasting i usually run into the following error:
[-] CCache file is not found. Skipping...
[-] Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)
but i was able to fix this with changing to run and then executing:
“timedatectl set-ntp off”, “rdate -n [IP of Domain Controller]".
Then i get the hash and just copy and paste it into a nano-ed .txt:
Impacket v0.13.0.dev0+20250611.105641.0612d078 - Copyright Fortra, LLC and its affiliated companies
ServicePrincipalName Name MemberOf PasswordLastSet LastLogon Delegation
-------------------------------------- ---------- ----------------------------------------------------------- -------------------------- -------------------------- ----------
HYDRA-DC/SQLService.MARVEL.local:60111 SQLService CN=Group Policy Creator Owners,OU=Groups,DC=MARVEL,DC=local 2025-07-26 12:42:56.934060 2025-07-26 14:45:15.430006
HYDRA-DC/SQLService.MARVEL.local SQLService CN=Group Policy Creator Owners,OU=Groups,DC=MARVEL,DC=local 2025-07-26 12:42:56.934060 2025-07-26 14:45:15.430006
[-] CCache file is not found. Skipping...
$krb5tgs$23$*SQLService$MARVEL.LOCAL$MARVEL.local/SQLService*$97397eb35bf168a16257e8317e85c5f9$248a5c81613baa004607f1785a25f49ec55c1353604cd47aae782cdf5b549da7c5e47c5083456936cd284d6ff33f57fc00f52f67266534201634c3461f3f024e3edd08bed2a8fca3877472746fa020e5b08be8e7056c244accffb97aafb68b591c19658c3495c7937cd4bd74e22a00fd6e50f5e1a29d8ee345ec4730966eb35e7403190f87905407eb44d88672e4c23b125560aaaa91a5552b6e44829d97348b0799f264e26498b5625b28cd7266ba0090a11b10f515124b47b8aac24ff4f8ab5ed85a7c72144d35ba8575e421e213f6b07d2134381a9e00f70e9d0b07267c4cbe8438caada1199d272f0900877fb4c8be54515d685afcef1571293bb5029f955089ccd84fe2d11a885825383de973b145a3bf7cdd8293481d20911ee770877a5fa590f8badf7cede5f4b90d498d6a7817fb44dbc1558802dbf94b8e8c503f331747fd48354fea13957ab17fec76a623125da67b2e1d18c6e2e2dcbccfe8cda8d82a4d98d512df33c2017c015427c126e4a24c2366bca84c5f82f884e7b7051825e564fe89812f8c64e675d766d025385a947f8cd9a4875a4373133772720c7b5e0b7f97dce14d6254bb862f05e0d8ae0acc8dd844a777cc781581d4aa9f363e4c60ac6921e24a9fa269d9867620ad725742fd28f84871510f55c2bb3741f8c43aca3b098f8ade7b39a551fd7b475d7e9b91262018144f7f58c21a4f711031cfb155e61498ff61aeca454f4d3c25a986f3e9373870b701a4139645e0c8e30226335c013325f82d1732463ac927d991fb62d74813512a6e9e4976ca55e30c742da43e16914c75bb06c83a61b104d3548627374cb1a937d13de6b365b09532bbdf7a6bd41b350ca4d9fb18fb1168fdd397086230c9aa3645c5105931a7e6c4e271f578f6694414671c4ee29da690a9b433afa261cd7689a58cee3fcaff3164085025476c1f5f972b271cf3d54d219051963d673e6bed4ddec4207575fad869fc2545603359decb966b8e89c695e346badc45dccd905370ce4f405faa5b8eb97cd20aef8801d9cd36d3cdc22bfdd1d085d946713756be3d948226205959f52b1760ef914cf3918ec1dfae572bc0c8460a60a46e337da2a542a0566069a5971200140330703736c9cc9e7e5b00e1e774e2192991ab04ac28854ced55190ae7d6c07aaabccfcb2b0bf44cc9e2c96e5ed5f2834de5d7b24abe44e7c6b7f62f1e88a53439d41ff3e744dcd01e08d1f0eb787245502cfe562e24977e3ef148ab8815f4657f78190be1d1b66b04c1f259bb6a5c8139586b8c3d1dbf2a923ed59881e3a53b871f8e26b37d813c48055384336ef137abe90c3f8994d63ad3c688e31c17966335350b7b71d682326d393b6c94ab9a848671f45f7aae6f0b878dc20de5b850b715fb5683027e6836929bc1e5bc3e2af64eb0bb1fffb5773e1db0166a
Thanks for taking the time to answer my Question.
If it is not a hashcat problem, where do you think does the problem lie?