# AS-Rep Roasting

AS-REP Roasting targets account for which preauthentication is disabled.
This means `DONT_REQUIRE_PREAUTH` for an account is enabled, and the DC skips
the verification step. After event type `4768` the `Pre_Authentication_Type=0`
and event code `4769` and `4624` is never triggered.
A service can be requested without any password check.

AS-Rep Roasting dumps user accounts which did not enable pre-authentication.
This is somewhat similar to Kerberoasting but includes user accounts as well.

## Usage

Impacket got `GetNPUsers` to check non pre-authenticated user accounts and find credentials.

```sh
impacket-GetNPUsers $TARGET_DOMAIN/ -dc-ip $TARGET_DC_IP -usersfile $USERS_FILE  -format hashcat -outputfile hashes.txt -no-pass
```