SPN (Service Principal Names): what they are and how to use them

SPN description: A Service Principal Name (SPN) is the unique identifier of a service instance (think of a service such as HTTP or MSSQL). Kerberos authentication uses the SPN to associate a service instance with its service logon account. If you install multiple service instances on computers throughout a domain or forest, each instance must have its own SPN. A given service instance can have multiple SPNs if clients might use multiple names to authenticate to it. An SPN always includes the name of the host running the service instance, so a service instance can register an SPN for each name or alias of its host.

In one sentence: if you want a service to authenticate with the Kerberos protocol, its SPN must be configured correctly.

How to view the SPNs that are already registered

Find the SPNs registered under the top.pentest.top domain:

Method 1: setspn -T top.pentest.top -Q */*
Method 2: setspn -Q */*


SPN Scan:

Introduction: a large domain usually has many registered service SPNs, so it is possible to see which services exist in the domain through an "SPN scan".

Pros: for example, if we want to know which services are installed on which hosts, we do not need to batch port-scan the network. Compared with a conventional network port scan, the advantage is that no direct connection is made to the hosts or services, so the scan is more covert.

Scan tools:

1. GetUserSPNs.ps1:

GetUserSPNs is a PowerShell script from the Kerberoast toolset used to query the SPNs registered in the domain.

2. GetUserSPNs.vbs:

cscript .\GetUserSPNs.vbs
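Added example (not code from this post or from the Kerberoast toolset): a PowerShell function that performs the same LDAP-based SPN scan those scripts rely on, so a domain administrator can inventory which services are registered on which hosts and which SPNs are bound to user accounts rather than computer accounts. It assumes it runs on a domain-joined machine as a domain user; the function name Get-SpnInventory and the default search root (the current domain) are my choices.

```powershell
# Inventory registered SPNs with a single LDAP query, without connecting
# to any of the hosts. Assumes a domain-joined machine and a domain user.
function Get-SpnInventory {
    param(
        # Optional LDAP path of the search root, e.g. "LDAP://DC=top,DC=pentest,DC=top".
        # Empty string means the current domain.
        [string]$SearchRoot = ""
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    if ($SearchRoot) {
        $searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($SearchRoot)
    }
    # Every object that has at least one SPN registered
    $searcher.Filter   = "(servicePrincipalName=*)"
    $searcher.PageSize = 1000   # paged search so large domains are not truncated
    [void]$searcher.PropertiesToLoad.AddRange(@("samaccountname", "objectclass", "serviceprincipalname"))

    foreach ($entry in $searcher.FindAll()) {
        $props   = $entry.Properties
        $account = [string]$props["samaccountname"][0]
        # Computer accounts carry objectClass "computer"; everything else is a user/service account
        $isComputer = $props["objectclass"] -contains "computer"
        foreach ($spn in $props["serviceprincipalname"]) {
            # SPN format: serviceclass/host[:port][/servicename]
            $parts    = $spn -split "/", 3
            $hostPart = if ($parts.Count -gt 1) { $parts[1] } else { "" }
            $hostName, $port = $hostPart -split ":", 2
            [pscustomobject]@{
                Account      = $account
                AccountType  = if ($isComputer) { "computer" } else { "user" }
                ServiceClass = $parts[0]
                Host         = $hostName
                Port         = $port
                SPN          = $spn
            }
        }
    }
}

# Usage: services grouped by host, then the SPNs bound to user accounts
# (service accounts whose password strength and ownership should be reviewed).
$inventory = Get-SpnInventory
$inventory | Sort-Object Host, ServiceClass | Format-Table Host, Port, ServiceClass, Account
$inventory | Where-Object AccountType -eq "user" | Select-Object Account, SPN -Unique
```

Pass -SearchRoot with the domain's LDAP path to scan a domain other than the one the machine is joined to.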

Reference article: https://www.freebuf.com/articles/system/196434.html


Source: www.cnblogs.com/zpchcbd/p/11707776.html