https://joaobonin.com/tags/as-rep-roasting/ Recent content in As-Rep-Roasting on João Vítor Moutinho Bonin Hugo en Wed, 03 Jun 2026 00:00:00 +0000 https://joaobonin.com/posts/htb-blackfield/ Wed, 03 Jun 2026 00:00:00 +0000 https://joaobonin.com/posts/htb-blackfield/ Blackfield is a Hard Windows Active Directory box from HackTheBox. ASREPRoasting lands the support account, BloodHound reveals a ForceChangePassword path to audit2020, whose forensic SMB share contains an lsass dump. pypykatz extracts svc_backup's hash, and SeBackupPrivilege abuse via wbadmin extracts ntds.dit to dump the domain admin hash. https://joaobonin.com/posts/htb-sauna/ Wed, 03 Jun 2026 00:00:00 +0000 https://joaobonin.com/posts/htb-sauna/ ASREPRoasting a bank employee, cracking their hash, then following a chain of autologon credentials and DCSync rights to own the domain. https://joaobonin.com/posts/htb-forest/ Sun, 31 May 2026 00:00:00 +0000 https://joaobonin.com/posts/htb-forest/ Forest is an Easy Windows Active Directory box on HackTheBox. The path goes through AS-REP roasting a service account, then using BloodHound to find a WriteDacl abuse chain through Exchange groups to grant DCSync and dump the domain.