PwnKata
Start drilling free
Home Active Directory AS-REP Roasting
medium Live now Windows · Active Directory

AS-REP Roasting

Find the account with Kerberos pre-authentication disabled, then turn that misconfiguration into a credential.

Enumerate simulated LDAP for DONT_REQ_PREAUTH, request the AS-REP material, crack it with the local wordlist, and use the recovered password against the mailbox endpoint.

Variants include tempting service-looking accounts and disabled decoys so the preauth flag remains the deciding evidence.

What you'll practice

AS-REP roastingActive DirectoryKerberosCPTS
drill workspace · session live
medium

AS-REP Roasting

Find the account with Kerberos pre-authentication disabled, then turn that misconfiguration into a credential.

Objective

Recover the flag at /root/flag.txt and submit it.

Drill this now

Spin up a live isolated target and start practicing in seconds — free.

Start drilling

Related active directory techniques

Windows · Active Directory Live

Kerberoasting

Kerberoasting is a workflow: identify the right SPN, request the ticket, crack offline, and prove the credential works.

hard
Windows · Active Directory Live

AD Graph Enumeration Simulator

AD Graph Enumeration Simulator distilled into repeatable single-technique reps on isolated targets.

medium
Windows · Active Directory Live

AD ACL Abuse Simulator

AD ACL Abuse Simulator distilled into repeatable single-technique reps on isolated targets.

hard