ECCouncil Certified Ethical Hacker Exam (CEHv12) 312-50v12 Question # 137 Topic 14 Discussion

312-50v12 Exam Topic 14 Question 137 Discussion:

Question #: 137

Topic #: 14

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?

Carry out a passive wire sniffing operation using Internet packet sniffers

Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz

Perform a PRobability INfinite Chained Elements (PRINCE) attack

Request a service ticket for the service principal name of the target service account

Get Premium 312-50v12 Questions

Explanation

A Kerberoasting attack is a technique that exploits the weak encryption of Kerberos service tickets to obtain the password hashes of service accounts that have a Service Principal Name (SPN) associated with them. The attacker can then crack the hashes offline and use the plaintext passwords to impersonate the service accounts and access network resources.

A Kerberoasting attack follows these steps1:

The attacker impersonates a legitimate Active Directory user and authenticates to the Key Distribution Center (KDC) in the Active Directory environment. They then request a Ticket Granting Ticket (TGT) from the KDC to access network resources. The KDC complies because the attacker is impersonating a legitimate user.

The attacker enumerates the service accounts that have an SPN using tools like GetUserSPNs.py or PowerView. They then request a service ticket for each SPN from the KDC using their TGT. The KDC grants the service tickets, which are encrypted with the password hashes of the service accounts.

The attacker captures the service tickets and takes them offline. They then attempt to crack the password hashes using tools like Hashcat or John the Ripper. They can use various methods, such as brute force, dictionary, or hybrid attacks, to guess the passwords. Alternatively, they can use a PRINCE attack, which is a probabilistic password generation technique that combines common words, patterns, and transformations to generate likely passwords2.

Once the attacker obtains the plaintext passwords of the service accounts, they can use them to authenticate as the service accounts and access the network resources that they are authorized to.

Therefore, the next step that the analyst should take after obtaining a valid TGT is to request a service ticket for the SPN of the target service account. This will allow them to capture the service ticket and extract the password hash of the service account.

References:

How to Perform Kerberoasting Attacks: The Ultimate Guide - StationX

PRINCE: PRobability INfinite Chained Elements

Actual exam question for ECCouncil 312-50v12 exam by Zephyr8608 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

ECCouncil Certified Ethical Hacker Exam (CEHv12) 312-50v12 Question # 137 Topic 14 Discussion

ECCouncil Certified Ethical Hacker Exam (CEHv12) 312-50v12 Question # 137 Topic 14 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

ECCouncil Certified Ethical Hacker Exam (CEHv12) 312-50v12 Question # 137 Topic 14 Discussion

ECCouncil Certified Ethical Hacker Exam (CEHv12) 312-50v12 Question # 137 Topic 14 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval