Kerberos asreproast command

skelsec edited this page Apr 12, 2021 · 6 revisions

What it does

Performs the asreproast attack against a list of target usernames.

Remarks

The list of users can be supplied in a file (one username per line), as command-line arguments at the end of the command, or as a mix of the two.
Important: The expected format is <user>@<realm>, but you don't need to specify the target users in this format if you don't wish to; the bare username is enough IF you also supply the -d <realm> switch.

Requirements

You will need the following things:

  • IP/Hostname of the Kerberos server (the domain controller)
  • The realm, e.g. the domain name
  • A list of usernames (prone to the asreproast attack)

Subcommands

None

Switches

  • -o: Writes the resulting tickets to a file in hashcat format
  • -e: Specifies which encryption type should be requested. Default is RC4 (23)
  • -d: Realm aka domain name

Examples

  • pypykatz kerberos asreproast 10.10.10.2 asreptest@test.corp: Performs the asreproast attack against user asreptest@test.corp and prints the resulting ticket to the command line in hashcat format
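
Detection-side view of the request described above, as an added example that is not part of pypykatz or of this wiki page. It assumes domain controller Security events with ID 4768 have been exported as dictionaries using the standard 4768 field names; the function names are hypothetical and the sample events are constructed.

```python
from collections import defaultdict

RC4_HMAC = 0x17  # etype 23, the default requested per the -e switch above

# Constructed sample events (not real logs); field names follow Event ID 4768.
SAMPLE_EVENTS = [
    {"EventID": 4768, "TargetUserName": "asreptest", "IpAddress": "10.10.10.50",
     "PreAuthType": "0", "TicketEncryptionType": "0x17", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "svc_backup", "IpAddress": "10.10.10.50",
     "PreAuthType": "0", "TicketEncryptionType": "0x12", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "alice", "IpAddress": "10.10.10.21",
     "PreAuthType": "2", "TicketEncryptionType": "0x12", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "bob", "IpAddress": "10.10.10.50",
     "PreAuthType": "0", "TicketEncryptionType": "0xffffffff", "Status": "0x6"},
]

def find_asrep_without_preauth(events):
    """Return findings for TGTs that were issued with no pre-authentication."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4768:
            continue
        if int(ev["Status"], 16) != 0:     # request failed: no ticket was issued
            continue
        if int(ev["PreAuthType"]) != 0:    # pre-auth was performed: normal logon
            continue
        etype = int(ev["TicketEncryptionType"], 16)
        findings.append({
            "user": ev["TargetUserName"],
            "source": ev["IpAddress"],
            "etype": etype,
            # RC4 is only the default; -e can request another etype, so
            # non-RC4 hits are still reported, at lower severity.
            "severity": "high" if etype == RC4_HMAC else "medium",
        })
    return findings

def sources_hitting_many_users(findings, threshold=2):
    """Group findings by source address; one host touching several users stands out."""
    by_src = defaultdict(set)
    for f in findings:
        by_src[f["source"]].add(f["user"])
    return {src: sorted(u) for src, u in by_src.items() if len(u) >= threshold}

if __name__ == "__main__":
    hits = find_asrep_without_preauth(SAMPLE_EVENTS)
    for h in hits:
        print(h)
    print(sources_hitting_many_users(hits))
```

Any account that appears in the findings has pre-authentication disabled; re-enabling it on that account removes the exposure this command relies on.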