AS-REP Roasting

AS-REP roasting is a technique that allows retrieving password hashes for users that have Do not require Kerberos preauthentication property selected:

Those hashes can then be cracked offline, similarly to how it's done in T1208: Kerberoasting.

Execution

Cracking AS-REP Hashes with HashCat

Say this is the hash we get for the potential victim:

We need to insert 23 after the $krb5asrep$ like so:

We can then crack it:

References

https://www.harmj0y.net/blog/activedirectory/roasting-as-reps/www.harmj0y.net
https://jsecurity101.com/2019/IOC-differences-between-Kerberoasting-and-AsRep-Roasting/jsecurity101.com
Logo@_xpn_ - Kerberos AD Attacks - More Roasting with AS-REPXPN InfoSec Blog
PreviousKerberos: Silver TicketsNextKerberoasting: Requesting RC4 Encrypted TGS when AES is Enabled

Last updated

Was this helpful?