AS-REQ, the answer is called
TGS-REQ, the answer is called
AP-REQ, the service answer is called
krbtgt's NT hash. An attacker knowing the krbtgt's NT hash can forge TGTs impersonating a domain admin. They can then request STs (service tickets) as a domain admin for any service, giving them access to everything. This forged TGT is called a Golden Ticket.
KRB_AS_REP message to the requesting client. Since the session key in that reply is encrypted with the requested user's NT hash, it is possible to crack the encrypted session key offline in an attempt to recover the user's password. This is called ASREProasting.
KRB_AS_REQ messages and perform a similar cracking attempt.
[U2U] allows users to host secure application services on their desktop machines. [...] In the user-to-user protocol, one user acts as a server, and the other user acts as a client. (Frequently Asked Questions about Kerberos).