Update kerberoast.md

Added rdate as an additional option for the NTP Clock Skew sync with a DC. ntpdate is deprecated/not included as of ubuntu 16.04.
This commit is contained in:
Ryan Kleffman 2023-06-13 11:03:54 -05:00 committed by GitHub
parent 5850e04a1f
commit e51f4b2682
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -129,7 +129,9 @@ If you have **enough permissions** over a user you can **make it kerberoastable*
You can find useful **tools** for **kerberoast** attacks here: [https://github.com/nidem/kerberoast](https://github.com/nidem/kerberoast) You can find useful **tools** for **kerberoast** attacks here: [https://github.com/nidem/kerberoast](https://github.com/nidem/kerberoast)
If you find this **error** from Linux: **`Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)`** it because of your local time, you need to synchronise the host with the DC: `ntpdate <IP of DC>` If you find this **error** from Linux: **`Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)`** it because of your local time, you need to synchronise the host with the DC. There are a few options:
- `ntpdate <IP of DC>` - Deprecated as of Ubuntu 16.04
- `rdate -n <IP of DC>`
### Mitigation ### Mitigation