ASREPRoast

ASREPRoast targets users that have “Do not require Kerberos pre-authentication” enabled in AD, a setting that is disabled by default. The setting allows anyone to send an AS_REQ to the KDC on the user’s behalf and receive an AS_REP message that contains data encrypted with the original user’s key, which is derived from the user’s password. Crack the hash to retrieve the password. No domain account is required, just connectivity to the KDC (DC). However, with a domain account, the users without Kerberos pre-auth in the domain can be retrieved via an LDAP query: (&(samAccountType=805306368)(userAccountControl:1....
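For the defensive side of the same check, the sketch below audits an LDIF-style directory export for user accounts that have the pre-authentication requirement turned off. It is an added example, not code from the original post; the accounts and the `example.test` domain are constructed, and the flag values are the standard `userAccountControl` bits (0x400000 for "Do not require Kerberos pre-authentication", 0x2 for a disabled account).

```python
SAM_NORMAL_USER_ACCOUNT = 805306368   # samAccountType value used in the page's query
UF_ACCOUNTDISABLE = 0x00000002        # account is disabled
UF_DONT_REQUIRE_PREAUTH = 0x00400000  # "Do not require Kerberos pre-authentication"
# Constructed sample export (hypothetical accounts and domain, not real data).
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Staff,DC=example,DC=test
sAMAccountName: alice
sAMAccountType: 805306368
userAccountControl: 512

dn: CN=svc-legacy,OU=Service,DC=example,DC=test
sAMAccountName: svc-legacy
sAMAccountType: 805306368
userAccountControl: 4260352

dn: CN=old-temp,OU=Staff,DC=example,DC=test
sAMAccountName: old-temp
sAMAccountType: 805306368
userAccountControl: 4194818

dn: CN=WS01,OU=Computers,DC=example,DC=test
sAMAccountName: WS01$
sAMAccountType: 805306369
userAccountControl: 4198400
"""

def parse_ldif(text):
    """Return one dict (lower-cased attribute -> value) per blank-line-separated record."""
    records = []
    for block in text.strip().split("\n\n"):
        pairs = (line.split(": ", 1) for line in block.splitlines() if ": " in line)
        records.append({key.lower(): value.strip() for key, value in pairs})
    return records

def audit_preauth(text):
    """Return (enabled, disabled) name lists of user accounts with pre-auth not required."""
    enabled, disabled = [], []
    for rec in parse_ldif(text):
        try:
            sam_type = int(rec.get("samaccounttype", ""))
            uac = int(rec.get("useraccountcontrol", ""))
        except ValueError:
            continue  # attribute missing or malformed: nothing to evaluate
        if sam_type == SAM_NORMAL_USER_ACCOUNT and uac & UF_DONT_REQUIRE_PREAUTH:
            name = rec.get("samaccountname", "<unknown>")
            (disabled if uac & UF_ACCOUNTDISABLE else enabled).append(name)
    return sorted(enabled), sorted(disabled)

print(audit_preauth(SAMPLE_LDIF))
```

Enabled accounts in the first list are the ones to fix first, by clearing the flag or, where it must stay, giving the account a long random password; the second list holds disabled accounts that still carry the flag and would become exposed if re-enabled.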

January 21, 2025