Stealing User Hashes Using NTPTimeroasting is a security attack technique that allows one to extract password hashes of computer accounts in an Active Directory (AD) domain.
The method involves exploiting the NTP protocol and the Kerberos response hashing mechanism to obtain hashes without the need for domain credentials.
These hashes can then be cracked offline using specialized tools, such as Hashcat.
Timeroasting has two weaknesses:
⏺ It can only be used to obtain computer hashes;
⏺ It requires mapping RIDs to usernames, so either anonymous access to the directory or valid credentials for any domain user is required.
Targeted Timeroasting: ÐÑажа полÑзоваÑелÑÑÐºÐ¸Ñ ÑеÑей Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ NTP
ÐÑивеÑ, ХабÑ. ÐÑо ÐлекÑÐ°Ð½Ð´Ñ ÐаÑновÑкий, ÑеÑниÑеÑкий диÑекÑÐ¾Ñ Avanpost. Ркомпании Avanpost Ð¼Ñ Ð·Ð°Ð½Ð¸Ð¼Ð°ÐµÐ¼ÑÑ ÑазÑабоÑкой ÑобÑÑвенной ÑлÑÐ¶Ð±Ñ ÐºÐ°Ñалогов Avanpost DS. Ðна плоÑно инÑегÑиÑÑеÑÑÑ Ñ Microsoft...
habr.com
