AS-REP Roasting
🧠 What’s the Deal?
Give us the lowdown — what is this attack and why should anyone care?
The AS-REP is the KDC's reply to an AS-REQ; it carries the TGT together with a session key encrypted with a key derived from the user's password. Kerberos pre-authentication normally forces the client to prove knowledge of the password before the KDC will answer. If pre-authentication is disabled for an account, an attacker can send an AS-REQ to the DC on behalf of that user and receive the AS-REP without any credentials, and the encrypted part of that reply can then be attacked offline to recover the password.
🎯 What’s the Big Win?
What’s the attacker trying to pull off here?
- 🔓 Gain unauthorized access
- 📦 Extract sensitive data
- 👑 Escalate privileges
- 🌐 Lateral movement across the network
🧰 Gear Up (Prereqs)
Don’t go in empty-handed. What do you need beforehand?
- The "Do not require Kerberos preauthentication" option must be set on the target account in AD (it is disabled by default). An attacker who holds GenericWrite or GenericAll over another account can enable it on that account and then request its AS-REP hash.
- A compromised username and password
- Tools: impacket-GetNPUsers (Kali), Rubeus.exe (Windows)
🚀 Launch Sequence (How-To)
Method 1, if you are attacking from Kali Linux
# use impacket-GetNPUsers (impacket flags take a single dash; -outputfile writes the hashes to a file)
impacket-GetNPUsers -dc-ip <DC_IP> -request -outputfile hashes_rep_roast domain.com/user
Method 2, if you are attacking from a Windows machine
# use Rubeus.exe
Rubeus.exe asreproast /nowrap
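The two defender-side checks that go with the prerequisites and the launch sequence above are: find which accounts actually carry the "Do not require Kerberos preauthentication" flag, and spot successful TGT requests that were answered without pre-authentication. The following Python is an added example, not code from the original page or from Impacket or Rubeus. It assumes the documented facts that the flag is the DONT_REQUIRE_PREAUTH bit (0x400000) of userAccountControl, and that Windows Security Event ID 4768 records a TGT request with "Pre-Authentication Type: 0" when no pre-authentication was used and "Ticket Encryption Type: 0x17" for RC4. The event records and account table embedded below are constructed sample data.

```python
"""Added example: detect AS-REP roasting exposure and activity (constructed data).

1. audit_preauth_flag  - accounts whose userAccountControl has DONT_REQUIRE_PREAUTH set.
2. find_asrep_roast_events - Event ID 4768 records answered with no pre-authentication.
"""
import re
from typing import Dict, List

UF_DONT_REQUIRE_PREAUTH = 0x400000          # userAccountControl bit (4194304 decimal)
WEAK_ETYPES = {0x17, 0x18, 0x01, 0x03}      # RC4-HMAC, RC4-HMAC-EXP, DES: cheapest to crack offline


def audit_preauth_flag(accounts: Dict[str, int]) -> List[str]:
    """Return sAMAccountNames whose userAccountControl has the preauth-not-required bit set.

    `accounts` maps sAMAccountName -> userAccountControl, as pulled from AD by any LDAP client.
    """
    return sorted(name for name, uac in accounts.items() if uac & UF_DONT_REQUIRE_PREAUTH)


# Fields of the 4768 message body that matter for this detection.
_FIELD = re.compile(
    r"^\s*(Account Name|Client Address|Result Code|Ticket Encryption Type|Pre-Authentication Type):\s*(.+?)\s*$",
    re.M,
)


def parse_4768(record: str) -> Dict[str, str]:
    """Pull the relevant 'Key: value' lines out of one exported 4768 event body."""
    return {key: value for key, value in _FIELD.findall(record)}


def find_asrep_roast_events(records: List[str]) -> List[Dict[str, str]]:
    """Flag successful TGT requests (Result Code 0x0) issued with Pre-Authentication Type 0."""
    hits = []
    for record in records:
        fields = parse_4768(record)
        if fields.get("Result Code") != "0x0":
            continue                                  # failed requests return no roastable AS-REP
        if fields.get("Pre-Authentication Type") != "0":
            continue                                  # preauth was performed: not AS-REP roasting
        etype = int(fields.get("Ticket Encryption Type", "0x0"), 16)
        hits.append({
            "account": fields.get("Account Name", "?"),
            "client": fields.get("Client Address", "?"),
            "etype": hex(etype),
            # RC4/DES replies are the practical roasting target; AES replies are still worth a look.
            "severity": "high" if etype in WEAK_ETYPES else "medium",
        })
    return hits


# Constructed sample data: userAccountControl values and three 4768 event bodies.
SAMPLE_ACCOUNTS = {
    "alice": 0x10200,                                   # NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD
    "svc_backup": 0x10200 | UF_DONT_REQUIRE_PREAUTH,    # roastable
}

SAMPLE_4768_RECORDS = [
    # Constructed: AS-REP handed out with no preauth, RC4 encrypted -> roasting indicator
    """A Kerberos authentication ticket (TGT) was requested.
    Account Name:        svc_backup
    Client Address:      ::ffff:10.0.5.23
    Result Code:         0x0
    Ticket Encryption Type: 0x17
    Pre-Authentication Type: 0
""",
    # Constructed: normal logon, timestamp preauth (type 2), AES256 (0x12)
    """A Kerberos authentication ticket (TGT) was requested.
    Account Name:        alice
    Client Address:      ::ffff:10.0.5.40
    Result Code:         0x0
    Ticket Encryption Type: 0x12
    Pre-Authentication Type: 2
""",
    # Constructed: request without preauth refused (0x19 KDC_ERR_PREAUTH_REQUIRED), nothing leaked
    """A Kerberos authentication ticket (TGT) was requested.
    Account Name:        bob
    Client Address:      ::ffff:10.0.5.23
    Result Code:         0x19
    Ticket Encryption Type: 0xFFFFFFFF
    Pre-Authentication Type: -
""",
]

if __name__ == "__main__":
    print("accounts without preauth:", audit_preauth_flag(SAMPLE_ACCOUNTS))
    for hit in find_asrep_roast_events(SAMPLE_4768_RECORDS):
        print("AS-REP roast indicator:", hit)
```

The account audit is the preventive control: the flag should be cleared unless an application genuinely needs it, and any account that must keep it should have a long random password so the offline attack does not pay off. The event check is the detective control; in practice the same "Pre-Authentication Type 0 with Result Code 0x0" filter is applied to 4768 events on every domain controller, and a burst of such events from one client address against several accounts is the signature of the enumeration the tools above perform.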