Operator On The Wire
← Back to Knowledge Base
OOTW / Chapter IV - Active Directory / 03. Kerberos / Roasting

Information

Roasting attacks abuse the fact that Kerberos returns encrypted material to ordinary domain principals during normal authentication flows. The attacker does not need to break Kerberos online. The attacker asks the domain controller for data that is allowed by protocol or configuration, saves the returned blob, and cracks it offline until the original account password is recovered.

We use roasting when enumeration shows one of three conditions: a user account has Kerberos pre-authentication disabled, a service account has an SPN, or a machine account can be challenged through the domain time service. We also use targeted Kerberoasting when ACL control lets us temporarily add an SPN to a user, roast it, and then remove the SPN.

The important split is what secret protects the material. AS-REP roasting gives us an AS-REP encrypted with the target user's password-derived key. Kerberoasting gives us a TGS encrypted with the service account password-derived key. Timeroasting targets machine account secrets through MS-SNTP. The cracking phase is always offline, so weak passwords are the real failure.

Operationally, roasting is usually low friction and high value, but it is not invisible. AS-REP requests create Kerberos authentication events, TGS requests create service ticket events, and Timeroasting touches the domain controller's time service over UDP/123. Single targeted requests blend better than mass roasting, especially when the target list comes from LDAP filtering first.

In this chapter we use NetExec, Impacket, Rubeus, PowerView, Hashcat, Kerbrute, targetedKerberoast, and Timeroast. The tool does not matter as much as understanding the primitive: request roastable Kerberos material, crack it offline, validate the credential carefully, and clean up any ACL-driven changes.

Cracking modes

AS-REP roast              $krb5asrep$23$     hashcat -m 18200
Kerberoast RC4-HMAC       $krb5tgs$23$       hashcat -m 13100
Kerberoast AES128         $krb5tgs$17$       hashcat -m 19600
Kerberoast AES256         $krb5tgs$18$       hashcat -m 19700
Timeroast                 MS-SNTP            hashcat -m 31300