ASREPRoasting

Introduction

As mentioned in the Kerberos module, Kerberos tackles the problem of granting access by first issuing a challenge: in the AS-REQ the client has to prove it knows the password (pre-authentication). For some systems and services, though, this was too much! They were, or still are, unable to fulfill this challenge, so Microsoft, being Microsoft, decided to allow a TGT to be granted without proving the identity in the AS-REQ! Crazy, eh? That's where AS-REP Roasting comes from. It leverages the weak point created for those systems and services that cannot fulfill the AS-REQ challenge: for their accounts, pre-authentication is disabled.

The Discovery

ASREP Roasting was presented by Tim Medin at DerbyCon 2014, showcasing how and why it works.

Is ASREP Roasting still a thing?

Yes, ASREP Roasting remains a thing because many companies still run legacy systems, or simply incompatible ones, whose accounts need pre-authentication disabled.

Summing it all up:

ASREPRoasting exploits a deliberate security reduction in Kerberos - the disabling of pre-authentication - to obtain encrypted material that can be cracked offline to recover plaintext passwords.

Remember:

ASREPRoasting is unique because it works COMPLETELY UNAUTHENTICATED - no domain creds needed!

ASREPRoasting Architecture: The Attack Flow

The Kerberos AS-REQ/AS-REP Exchange:

Normal Kerberos Flow (Pre-auth Enabled):

  1. AS-REQ: Client requests a TGT and includes a timestamp encrypted with its password-derived key (proves password knowledge)
  2. KDC Validation: The KDC decrypts and validates the encrypted timestamp
  3. AS-REP: The KDC responds with the TGT plus a portion (enc-part) encrypted with the user's password hash

ASREPRoasting Flow (Pre-auth Disabled):

  1. AS-REQ: Attacker requests a TGT for the target user (no pre-auth data)
  2. No Validation: The KDC skips pre-auth validation because the account allows it
  3. AS-REP: The KDC responds with the TGT plus a portion (enc-part) encrypted with the user's password hash
  4. Offline Cracking: Attacker extracts the encrypted portion and cracks it offline

The encrypted portion uses the user's NT hash as the encryption key when RC4-HMAC (etype 23) is negotiated, which is why the captured material can be cracked offline by guessing passwords: each guess is hashed and tried as the key. (With AES etypes the key is derived from the password through PBKDF2 with the salt, so each guess costs far more.) Format: user@domain.com:encrypted_data
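The AS-REP exchange above leaves a distinctive trace on the domain controller: Security Event 4768 (a TGT was requested) records the pre-authentication type, and a TGT issued with pre-auth type 0 is exactly the pre-auth-less request this attack makes. The following is an added example, not code from the original page: a small detector run over constructed 4768-style records. The key=value line format, the account names and the addresses are made up for the example; the field semantics (PreAuthType 0 = no pre-auth data, 2 = encrypted timestamp, "-" on failures; TicketEncryptionType 0x17 = RC4-HMAC, 0x12 = AES256; ResultCode 0x0 = issued, 0x6 = client principal unknown) are those of the real event.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Constructed Security Event 4768 records, one per line as key=value pairs.
# Real events carry these fields with the same meanings; the hosts and
# account names below are invented for the example.
SAMPLE_4768 = """\
AccountName=jdoe ClientAddress=10.0.0.5 PreAuthType=2 TicketEncryptionType=0x12 ResultCode=0x0
AccountName=svc_backup ClientAddress=10.0.0.77 PreAuthType=0 TicketEncryptionType=0x17 ResultCode=0x0
AccountName=legacyapp ClientAddress=10.0.0.77 PreAuthType=0 TicketEncryptionType=0x17 ResultCode=0x0
AccountName=notauser ClientAddress=10.0.0.77 PreAuthType=- TicketEncryptionType=0xffffffff ResultCode=0x6
AccountName=asmith ClientAddress=10.0.0.77 PreAuthType=- TicketEncryptionType=0xffffffff ResultCode=0x6
AccountName=msmith ClientAddress=10.0.0.9 PreAuthType=2 TicketEncryptionType=0x17 ResultCode=0x0
"""

RC4_HMAC = 0x17                    # etype 23: key is the raw NT hash
KDC_ERR_C_PRINCIPAL_UNKNOWN = 0x6  # the KDC does not know this account


@dataclass(frozen=True)
class TgtRequest:
    account: str
    client_ip: str
    pre_auth_type: Optional[int]   # None when the event records "-"
    etype: int
    result_code: int


def parse_4768(line: str) -> TgtRequest:
    """Turn one key=value line into a TgtRequest; hex fields are parsed as hex."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    pre_auth = fields["PreAuthType"]
    return TgtRequest(
        account=fields["AccountName"].lower(),
        client_ip=fields["ClientAddress"],
        pre_auth_type=None if pre_auth == "-" else int(pre_auth),
        etype=int(fields["TicketEncryptionType"], 16),
        result_code=int(fields["ResultCode"], 16),
    )


def load_events(text: str) -> List[TgtRequest]:
    return [parse_4768(line) for line in text.splitlines() if line.strip()]


def roasted_accounts(events: List[TgtRequest]) -> List[str]:
    """Accounts that were issued a TGT with no pre-authentication at all.

    Pre-auth type 0 together with result 0x0 is the exchange in the attack
    flow above; a normal client supplies an encrypted timestamp (type 2) or
    PKINIT data, so legitimate logons never look like this.
    """
    return sorted({e.account for e in events
                   if e.pre_auth_type == 0 and e.result_code == 0})


def rc4_roasts(events: List[TgtRequest]) -> List[str]:
    """The subset of roasted accounts whose AS-REP used RC4 (etype 0x17):
    the material that can be attacked with the NT hash as the key."""
    return sorted({e.account for e in events
                   if e.pre_auth_type == 0 and e.result_code == 0
                   and e.etype == RC4_HMAC})


def enumeration_sources(events: List[TgtRequest], threshold: int = 3) -> List[str]:
    """Client addresses that tried at least `threshold` distinct account names
    either without pre-auth or against principals the KDC did not know, the
    pattern a username wordlist produces against a domain controller."""
    names = defaultdict(set)
    for e in events:
        if e.pre_auth_type == 0 or e.result_code == KDC_ERR_C_PRINCIPAL_UNKNOWN:
            names[e.client_ip].add(e.account)
    return sorted(ip for ip, seen in names.items() if len(seen) >= threshold)


if __name__ == "__main__":
    evs = load_events(SAMPLE_4768)
    print("TGTs issued without pre-auth:", roasted_accounts(evs))
    print("  of which RC4-encrypted    :", rc4_roasts(evs))
    print("Likely enumeration sources :", enumeration_sources(evs))
```

The two checks are deliberately separate: an account in `roasted_accounts` points at a configuration to fix (see the requirements below), while an address in `enumeration_sources` points at a host to investigate. Note that `msmith` is not flagged even though the ticket used RC4, because pre-authentication was supplied; RC4 alone is a hygiene finding, not evidence of this attack.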

AS-Rep Anatomy

The AS-REP carries several important pieces of information. Most importantly, it contains an encrypted part (enc-part), encrypted with the user's password hash, which holds:

  • The session key for the TGT.
  • The timestamp.
  • The realm and domain.
  • The validity of the TGT.

ASREP Roasting Requirements and Pre-Requisites

Technical Requirements:

  1. Ability to communicate with the DC over port 88 (Kerberos).
  2. A wordlist of usernames to try.
  3. At least one account with Kerberos "Do not require pre-authentication" enabled.

ASREP Roasting is a great move when no credentials are available, since it needs none; for the same reason it doubles as a way to enumerate valid usernames.
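Requirement 3 is a single bit in the account's userAccountControl attribute, so the defender's side of this section is an audit for that bit. The following is an added example, not code from the page or from Impacket: it builds the LDAP filter that finds such accounts and evaluates constructed account records the way the audit would evaluate LDAP results. The flag values are the documented userAccountControl bits (DONT_REQUIRE_PREAUTH = 0x400000, i.e. 4194304); the account names and their flag combinations are invented for the example.

```python
from typing import Dict, List

# Documented userAccountControl flag bits.
UF_ACCOUNTDISABLE = 0x0002
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000
UF_DONT_REQUIRE_PREAUTH = 0x400000   # 4194304: the "Do not require pre-authentication" checkbox

# LDAP bitwise-AND matching rule: matches objects whose attribute has the
# given bit set. Used by auditors (and by GetNPUsers.py when run with
# credentials) to list candidate accounts.
LDAP_BITWISE_AND = "1.2.840.113556.1.4.803"


def preauth_audit_filter() -> str:
    """LDAP filter selecting user objects with pre-authentication disabled."""
    return ("(&(objectCategory=person)(objectClass=user)"
            f"(userAccountControl:{LDAP_BITWISE_AND}:={UF_DONT_REQUIRE_PREAUTH}))")


# Constructed stand-ins for LDAP query results (sAMAccountName + UAC).
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "jdoe",       "userAccountControl": UF_NORMAL_ACCOUNT},
    {"sAMAccountName": "svc_backup", "userAccountControl": UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH},
    {"sAMAccountName": "legacyapp",  "userAccountControl": UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH | UF_DONT_EXPIRE_PASSWD},
    {"sAMAccountName": "oldvendor",  "userAccountControl": UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH | UF_ACCOUNTDISABLE},
]


def preauth_not_required(accounts: List[dict], include_disabled: bool = False) -> List[dict]:
    """Accounts whose UAC has DONT_REQUIRE_PREAUTH set.

    A disabled account is refused a TGT by the KDC regardless of this bit,
    so disabled accounts are skipped unless the caller asks for them.
    """
    out = []
    for acct in accounts:
        uac = acct["userAccountControl"]
        if not uac & UF_DONT_REQUIRE_PREAUTH:
            continue
        if uac & UF_ACCOUNTDISABLE and not include_disabled:
            continue
        out.append(acct)
    return out


def findings(accounts: List[dict]) -> Dict[str, List[str]]:
    """Map each exposed account to the reasons it matters to the auditor."""
    result = {}
    for acct in preauth_not_required(accounts):
        reasons = ["TGT obtainable without pre-authentication (AS-REP roastable)"]
        if acct["userAccountControl"] & UF_DONT_EXPIRE_PASSWD:
            reasons.append("password never expires: unlimited offline cracking window")
        result[acct["sAMAccountName"]] = reasons
    return result


def remediated_uac(uac: int) -> int:
    """UAC value to write back once the exception is no longer justified:
    the same flags with only the pre-auth bit cleared."""
    return uac & ~UF_DONT_REQUIRE_PREAUTH


if __name__ == "__main__":
    print("LDAP filter:", preauth_audit_filter())
    for name, reasons in findings(SAMPLE_ACCOUNTS).items():
        print(f"{name}: " + "; ".join(reasons))
```

For accounts that genuinely need the exception, the compensating controls are a long random password (which defeats the offline cracking step) and AES-only encryption types; `remediated_uac` gives the value for the rest. On a domain-joined Windows host with the ActiveDirectory module, `Get-ADUser -Filter 'DoesNotRequirePreAuth -eq $true'` returns the same set of accounts as the filter above.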

Tools and Capabilities:

  • Impacket's GetNPUsers.py: Most common tool
  • Rubeus: Windows-native .NET tool
  • ASREPRoast PowerShell Module: For PowerShell environments
  • Hashcat/John: For offline password cracking

When to Use ASREPRoasting

Ideal Scenarios:

1. Initial Domain Reconnaissance:

  • You have network access but no domain credentials
  • Perfect for external penetration tests
  • Combines well with username enumeration techniques

2. Post-Compromise Lateral Movement:

  • You've compromised a workstation but need better credentials
  • Looking for service account passwords
  • Escalating privileges within the domain

3. Password Auditing:

  • Security assessments of AD configurations
  • Identifying weak passwords on critical accounts
  • Compliance validation for security policies

GetNPUsers.py

# No credentials needed (anonymous)
GetNPUsers.py domain.com/ -usersfile users.txt -format hashcat -outputfile hashes.txt

# With credentials (more reliable enumeration)
GetNPUsers.py domain.com/user:pass -request -format hashcat -outputfile hashes.txt

# Single user target (no password prompt; one AS-REQ for that account)
GetNPUsers.py domain.com/username -no-pass

Quick Reference Cards:

Q: What makes ASREPRoasting possible? A: Disabled Kerberos pre-authentication (DONT_REQUIRE_PREAUTH flag)

Q: What's unique about ASREPRoasting vs other AD attacks? A: Works completely unauthenticated - no domain creds needed

Q: What port does ASREPRoasting use? A: Port 88 (Kerberos)