
What is As-Rep Roasting attack in Active Directory and How does it work?

Discover how attackers exploit Kerberos vulnerabilities through As-Rep Roasting, learn step-by-step techniques for identifying and preventing this attack, and strengthen your network security.

by FOUNDER
October 16, 2024

What is As-Rep Roasting Attack?

As-Rep Roasting is an attack technique that targets Kerberos in environments where Pre-Authentication is disabled.

When Pre-Authentication is disabled, an attacker can request an Authentication Service Response (AS-REP) message for a user without needing to prove knowledge of their password. The Key Distribution Center (KDC) responds with the AS-REP, part of which is encrypted with a key derived from the user’s password. The attacker can then use tools like Hashcat or John the Ripper to crack that part offline, revealing the user’s password.

 

How to identify vulnerable As-Rep Roast accounts in Active Directory?

In a Windows Active Directory (AD) environment, an attacker can use tools like PowerShell to search for accounts where Pre-Authentication is not enforced. These accounts are identified by the UF_DONT_REQUIRE_PREAUTH flag (value 4194304) in the userAccountControl attribute.

Get-ADUser -Filter {UserAccountControl -band 4194304} -Properties UserAccountControl

How to create vulnerable AS-Rep Roasting Account?

System administrators may create vulnerable accounts by disabling Pre-Authentication for specific users.

Step 1: Open Server Manager and navigate to Active Directory Users and Computers.
Step 2: Select the user account properties.
Step 3: Under the Account tab, check the option for Do not require Kerberos preauthentication.
Step 4: Apply the changes.

What are the tools used for performing As-Rep Roasting attack?

1. Rubeus

Rubeus is a command-line tool written in C# to abuse Kerberos authentication in Windows Active Directory environments.

Rubeus.exe asreproast /domain:YourDomainName.local

This command will request AS-REPs for vulnerable accounts and output their encrypted credential hashes, which can be used for offline cracking.

2. Kerbrute 

Kerbrute is another tool designed for brute-forcing and enumerating user accounts in Kerberos environments. It can also be used to exploit As-Rep Roasting vulnerabilities.

Kerbrute has four main commands:

  1. bruteuser – Bruteforce a single user’s password from a wordlist
  2. bruteforce – Read username:password combos from a file or stdin and test them
  3. passwordspray – Test a single password against a list of users
  4. userenum – Enumerate valid domain usernames via Kerberos

./kerbrute_linux_amd64 userenum -d 'server.local' --dc 10.0.0.203 ~/wordlists/user.txt

3. Impacket

Impacket is a Python library containing scripts for testing weaknesses in a wide variety of network protocols. The GetNPUsers.py script can be used to exploit As-Rep Roasting.

In Kali Linux, the Impacket example scripts are located by default in /usr/share/doc/python3-impacket/examples/.

Identify the vulnerable As-Rep roast accounts using Impacket.

python3 GetNPUsers.py -usersfile username.txt -dc-ip 10.0.0.203 server.local/

Dump the AS-REP hashes for the vulnerable As-Rep roast accounts.

python3 GetNPUsers.py -usersfile username.txt -request -dc-ip 10.0.0.203 "server.local/"

 

How to crack the hash?

Once the attacker obtains the AS-REP encrypted data, it can be brute-forced offline using tools like Hashcat.

hashcat -m 18200 hash.txt wordlist.txt -o Cracked.txt

The -m 18200 parameter specifies the mode for Kerberos 5 AS-REP hashes. If successful, this process will reveal the plaintext password for the user.

How to stop As-Rep Roast attack?

Step 1: Identify the vulnerable accounts.

Get-ADUser -Filter {UserAccountControl -band 4194304} -Properties UserAccountControl

Step 2: Open Server Manager and navigate to Active Directory Users and Computers.
Step 3: Select the user account properties.
Step 4: Under the Account tab, uncheck the option for Do not require Kerberos preauthentication.
Step 5: Apply the changes.
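
The identification and remediation steps above can be scripted for a whole domain. The following PowerShell is an added example, not code from the original article; the function name Repair-PreAuth and its -Remediate and -Exclude parameters are hypothetical, and it assumes the ActiveDirectory module (RSAT) and rights to modify the accounts.

```powershell
#Requires -Modules ActiveDirectory
# Added example: report every account with UF_DONT_REQUIRE_PREAUTH set and,
# on request, turn Kerberos pre-authentication back on.
# Repair-PreAuth, -Remediate and -Exclude are hypothetical names.
function Repair-PreAuth {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Remediate,          # without this switch the function only reports
        [string[]]$Exclude = @()     # sAMAccountNames that must keep the setting
    )

    $flag = 4194304   # UF_DONT_REQUIRE_PREAUTH, same value as the filter in Step 1

    $users = Get-ADUser -Filter "UserAccountControl -band $flag" `
        -Properties UserAccountControl, PasswordLastSet, adminCount

    foreach ($u in $users) {
        $row = [pscustomobject]@{
            SamAccountName  = $u.SamAccountName
            Enabled         = $u.Enabled
            Privileged      = ($u.adminCount -eq 1)   # protected/admin accounts first
            PasswordLastSet = $u.PasswordLastSet
            Action          = 'ReportOnly'
        }

        if ($u.SamAccountName -in $Exclude) {
            $row.Action = 'Excluded'
        }
        elseif ($Remediate -and
                $PSCmdlet.ShouldProcess($u.SamAccountName, 'Require Kerberos pre-authentication')) {
            # Equivalent to unchecking "Do not require Kerberos preauthentication"
            Set-ADAccountControl -Identity $u -DoesNotRequirePreAuth $false
            $row.Action = 'PreAuthRequired'
        }

        $row   # emit one report row per flagged account
    }
}

# Typical sequence (svc-legacy is a constructed account name):
#   Repair-PreAuth | Sort-Object Privileged -Descending | Format-Table
#   Repair-PreAuth -Remediate -WhatIf
#   Repair-PreAuth -Remediate -Exclude 'svc-legacy'
```

Run it without -Remediate first to review the report, and reset the password of every account that had the flag set, since an AS-REP may already have been captured while pre-authentication was off.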

 
