Showing posts from January, 2019

Kerberos Abuses - AS-REP Roasting

First, we need to understand what Kerberos is and why it is used. This is already explained very well elsewhere; see the link below for an overview.

https://www.roguelynn.com/words/explain-like-im-5-kerberos/

Let's say you have a foothold and access to a user account. You can check whether any user has the "Do not require Kerberos preauthentication" setting enabled. If you have PowerView loaded, this command should list all such users:

Get-DomainUser -PreauthNotRequired

Courtesy: HarmJ0y https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

Found the user? Great! Alternatively, we can use the same author's ASREPRoast PowerShell script, available below; clone it and load it into the session.

https://github.com/HarmJ0y/ASREPRoast

You may notice (at the time of writing) that the repository is no longer current, but it can still be used. Active development is happening as part of GhostPack (more on this later).

* You may be wondering what's all this extensive redacting? I'm securit