Hacking Guide – AESREPRoast and Kerberoasting
Kerberos Pre-Authentication Hash Retrieval and Cracking
We can enumerate active directory to find accounts that do not require pre-authentication. There’s a simple way of doing this using Rubeus:
.\Rubeus.exe asreproast /format:hashcat |
We can see there is a vulnerable account that has Kerberos Pre-Authentication disabled.
This hash can be loaded into hashcat and possibly cracked (the hash in the screenshot is weak on purpose) Read more “Hacking Guide – AESREPRoast and Kerberoasting”