12/5/2023

Golden ticket

To begin a Golden Ticket attack, an adversary must first have obtained administrative privileges in Active Directory, such as replication privileges or administrator access to a domain controller.

They can then use any of several methods to obtain the password hash of the KRBTGT account. Here is how DCSync can be used for this purpose:

PS> mimikatz.exe "lsadump::dcsync /user:DOMAIN\KRBTGT"

Mimikatz(commandline) # lsadump::dcsync /user:DOMAIN\Krbtgt
'' will be the domain    # The Domain DNS Name
'DOMAIN\Krbtgt' will be the user account
Type : 30000000 ( USER_OBJECT )
User Principal Name :
User Account Control : 00000202 ( ACCOUNTDISABLE NORMAL_ACCOUNT )

The example below shows how to create a Kerberos ticket-granting ticket (TGT) for a user account that does not actually exist in the directory. With the November 2021 security updates for Kerberos this attack method was patched, so if the domain controllers have that update a valid user must be used.

To mint the TGT, the adversary must specify the following information to mimikatz kerberos::golden:

/aes256 - The AES-256 password hash of the KRBTGT user (alternatively, /ntlm or /rc4 can be used for NTLM hashes, and /aes128 for AES-128).
/user - The username to be impersonated.
/groups - The list of groups (by RID) to include in the ticket, with the first being the user's primary group.
/ptt - Indicates that the forged ticket should be injected into the current session instead of being written to a file.
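Added example, not part of the original post: a defender-side check in Python for the trace a forged TGT leaves once it is used, namely a service-ticket request (Security event 4769) that names an account the directory does not contain (the nonexistent-user case above) or an account that is disabled, like the krbtgt account whose 00000202 flags are shown above. The directory snapshot, the event records and the field subset used are constructed for illustration.

```python
"""Flag Kerberos service-ticket (TGS, event 4769) requests that present a TGT
the KDC could never have issued: the trace a forged TGT leaves once it is used.
All directory data and event records here are constructed for illustration."""
from dataclasses import dataclass

ACCOUNTDISABLE = 0x0002  # userAccountControl bit, as in 00000202 for krbtgt above

# Constructed directory snapshot: sAMAccountName -> userAccountControl.
DIRECTORY = {"krbtgt": 0x0202, "alice": 0x0200, "svc_backup": 0x0200}


@dataclass
class TgsRequest:
    """Fields of a 4769 event used here (constructed values)."""
    target_user: str  # TargetUserName: account name carried in the presented TGT
    ip_address: str   # IpAddress: client that presented it
    service_name: str  # ServiceName: service the ticket was requested for


def account_name(target_user: str) -> str:
    """Normalise 'user@REALM' or 'DOMAIN\\user' to a bare, lower-case name."""
    name = target_user.split("@", 1)[0]
    return name.rsplit("\\", 1)[-1].lower()


def classify(req: TgsRequest, directory=DIRECTORY):
    """Return a finding label, or None when the request is consistent with AD."""
    name = account_name(req.target_user)
    if name not in directory:
        # No such account, so the KDC never issued this TGT (the pre-patch case
        # described above: a golden ticket minted for a nonexistent user).
        return "tgt-for-nonexistent-account"
    if directory[name] & ACCOUNTDISABLE:
        # A disabled account cannot obtain a TGT, yet one is being presented.
        return "tgt-for-disabled-account"
    return None


def scan(requests, directory=DIRECTORY):
    """Return (account, finding, source ip) for every suspicious request."""
    return [
        (account_name(r.target_user), label, r.ip_address)
        for r in requests
        if (label := classify(r, directory))
    ]


SAMPLE_EVENTS = [  # constructed 4769 records
    TgsRequest("alice@CORP.EXAMPLE", "10.0.0.5", "cifs/fs01"),
    TgsRequest("ghostadmin@CORP.EXAMPLE", "10.0.0.77", "ldap/dc01"),
    TgsRequest("CORP\\krbtgt", "10.0.0.77", "cifs/dc01"),
]
print(*scan(SAMPLE_EVENTS), sep="\n")
```

In a real deployment the directory snapshot would come from an LDAP export and the events from the domain controllers' Security logs; a hit on either label is worth an immediate look at the source host.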