19 lines
757 B
Markdown
19 lines
757 B
Markdown
# AS-Rep Roasting
|
|
|
|
AS-REP Roasting targets account for which preauthentication is disabled.
|
|
This means `DONT_REQUIRE_PREAUTH` for an account is enabled, and the DC skips
|
|
the verification step. After event type `4768` the `Pre_Authentication_Type=0`
|
|
and event code `4769` and `4624` is never triggered.
|
|
A service can be requested without any password check.
|
|
|
|
AS-Rep Roasting dumps user accounts which did not enable pre-authentication.
|
|
This is somewhat similar to Kerberoasting but includes user accounts as well.
|
|
|
|
## Usage
|
|
|
|
Impacket got `GetNPUsers` to check non pre-authenticated user accounts and find credentials.
|
|
|
|
```sh
|
|
impacket-GetNPUsers $TARGET_DOMAIN/ -dc-ip $TARGET_DC_IP -usersfile $USERS_FILE -format hashcat -outputfile hashes.txt -no-pass
|
|
```
|