infosecn1nja
/
Rubeus
mirror of https://github.com/infosecn1nja/Rubeus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

readme

master
Dwight Hohnstein 2018-10-15 16:30:26 -07:00
parent 872379a479
commit d2ef39ad7b
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -63,11 +63,11 @@ Rubeus is licensed under the BSD 3-Clause license.
Retrieve a usable TGT .kirbi for the current user (w/ session key) without elevation by abusing the Kerberos GSS-API, faking delegation: Retrieve a usable TGT .kirbi for the current user (w/ session key) without elevation by abusing the Kerberos GSS-API, faking delegation:
Rubeus.exe tgtdeleg [/target:SPN] Rubeus.exe tgtdeleg [/target:SPN]
Monitor every SECONDS (default 60 seconds) for 4624 logon events and dump any TGT data for new logon sessions: Monitor every SECONDS (default 60 seconds) for 4624 logon events, dump any TGT data for new logon sessions, and save data to specified registry path (Default: Disabled):
Rubeus.exe monitor [/interval:SECONDS] [/filteruser:USER] Rubeus.exe monitor [/interval:SECONDS] [/filteruser:USER] [/registry:PATH\UNDER\HKLM]
Monitor every MINUTES (default 60 minutes) for 4624 logon events, dump any new TGT data, and auto-renew TGTs that are about to expire: Monitor every MINUTES (default 60 minutes) for 4624 logon events, dump any new TGT data, and auto-renew TGTs that are about to expire, and save TGTs to a specified registry path (Default: Disabled):
Rubeus.exe harvest [/interval:MINUTES] Rubeus.exe harvest [/interval:MINUTES] [/registry:PATH\UNDER\HKLM]
NOTE: Base64 ticket blobs can be decoded with : NOTE: Base64 ticket blobs can be decoded with :