search

TimeRoast

ko-fiarrow-up-right

In AD environments, the DC hashes NTP responses with the computer account NT hash. That means that you can request and brute force all computer accounts in a domain from an UNAUTHENTICATED perspective!

https://www.secura.com/uploads/whitepapers/Secura-WP-Timeroasting-v3.pdfwww.secura.comchevron-right
https://snovvcrash.rocks/2024/12/08/applicability-of-the-timeroasting-attack.htmlsnovvcrash.rockschevron-right

hashtag
Timeroast

LogoGitHub - SecuraBV/Timeroast: Timeroasting scripts by Tom TervoortGitHubchevron-right

hashtag
NXC

hashtag
Cracking

Use extra-scripts/timecrack.py from SecuraBV Timeroast tool

Or: Hashcat will add support for Timeroast hashesarrow-up-right as hash type 31300. Currently, it's already available in the beta releasearrow-up-right.

hashtag
TargetedTimeroast

LogoGitHub - OffsecDeer/TargetedTimeroast: Tamper Active Directory user attributes to collect their hashes with MS-SNTPGitHubchevron-right
LogoTargeted Timeroasting: Stealing User Hashes With NTPMediumchevron-right
PreviousADIDNS SpoofingNextUsers Identification

Last updated