Certified Ethical Hacker (CEH v13) — Question 126

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?

Answer options

• A. Carry out a passive wire sniffing operation using Internet packet sniffers
• B. Perform a PRobability INfinite Chained Elements (PRINCE) attack
• C. Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz
• D. Request a service ticket for the service principal name of the target service account

Correct answer: D

Explanation

The correct step is to request a service ticket for the service principal name of the target service account, as this is essential in a Kerberoasting attack to access the service account's credentials. The other options are not directly relevant to the immediate goal of conducting a Kerberoasting attack and do not facilitate the extraction of the required service account password.