Clock Skew Too Great

🛠 Fixing “Kerberos SessionError: KRB_AP_ERR_SKEW (Clock skew too great)” During Kerberoasting

If you encounter the KRB_AP_ERR_SKEW error while attempting Kerberoasting (usually due to time differences between your machine and the target Domain Controller), follow these steps:

🔧 Step-by-Step Fix:

Switch to root (if not already):
```
su
```
Disable automatic time sync (NTP):
```
timedatectl set-ntp off
```
Manually sync your system time with the target machine:
```
rdate -n [Target_IP]
```

Rerun your Kerberoasting command: Example:

python3 GetUserSPNs.py [domain].local/[username]:[password] -dc-ip [DC_IP] -request

Note:

Make sure rdate is installed (apt install rdate if missing).
Use the Domain Controller’s IP as the target for rdate.

✅ Once your time is synced correctly, the clock skew error should no longer occur.

PreviousRDP NextLinux Privilege Escalation

Last updated 6 months ago

hashtag🛠 Fixing “Kerberos SessionError: KRB_AP_ERR_SKEW (Clock skew too great)” During Kerberoasting

hashtag🔧 Step-by-Step Fix:

🛠 Fixing “Kerberos SessionError: KRB_AP_ERR_SKEW (Clock skew too great)” During Kerberoasting

🔧 Step-by-Step Fix: