Certified Ethical Hacker (CEH v12) — Question 151

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?

Answer options

• A. Carry out a passive wire sniffing operation using Internet packet sniffers
• B. Perform a PRobability INfinite Chained Elements (PRINCE) attack
• C. Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz
• D. Request a service ticket for the service principal name of the target service account

Correct answer: D

Explanation

The correct answer is D, as the analyst needs to request a service ticket for the service principal name (SPN) to carry out the Kerberoasting attack effectively. Options A and B do not directly relate to the next necessary step in this context. Option C, while related to password extraction, is not the immediate next step after obtaining the TGT.