Golden Ticket
Last updated
Last updated
AWSăăăăłă°ăćŠăłăćźè·”ăăïŒHackTricks Training AWS Red Team Expert (ARTE) GCPăăăăłă°ăćŠăłăćźè·”ăăïŒHackTricks Training GCP Red Team Expert (GRTE)
ăŽăŒă«ăăłăă±ăăæ»æăŻăNTLMăăă·ă„ăäœżçšăăŠä»»æăźăŠăŒă¶ăŒăćœèŁ ăăæŁćœăȘăă±ăăă°ă©ăłăăă±ăăïŒTGTïŒăäœæăăăăšăăæăăŸăăăăźæèĄăŻăćœèŁ ăăăăŠăŒă¶ăŒăšăăŠăăĄă€ăłć ăźä»»æăźă”ăŒăăčăăă·ăłă«ăąăŻă»ăčă§ăăăăăçčă«æć©ă§ăăkrbtgtăąă«ăŠăłăăźèłæ Œæ ć ±ăŻèȘćçă«æŽæ°ăăăȘăăăšăèŠăăŠăăăăšăéèŠă§ăă
krbtgtăąă«ăŠăłăăźNTLMăăă·ă„ăććŸăăăăă«ăăăŸăăŸăȘæčæłăäœżçšă§ăăŸăăăăăŻăăăĄă€ăłć ăźä»»æăźăăĄă€ăłăłăłăăăŒă©ăŒïŒDCïŒă«ăăăăŒă«ă«ă»ăă„ăȘăăŁăȘăŒăœăȘăăŁă”ăă·ăčăă ă”ăŒăăčïŒLSASSïŒăăă»ăčăŸăăŻNTăăŁăŹăŻăăȘă”ăŒăăčïŒNTDS.ditïŒăăĄă€ă«ăăæœćșă§ăăŸăăăăă«ăDCsyncæ»æăćźèĄăăăăšăăăăźNTLMăăă·ă„ăććŸăăăăăźć„ăźæŠç„ă§ăăăMimikatzăźlsadump::dcsyncăąăžă„ăŒă«ăImpacketăźsecretsdump.pyăčăŻăȘăăăȘă©ăźăăŒă«ăäœżçšăăŠćźèĄă§ăăŸăăăăăăźæäœăèĄăă«ăŻăăăĄă€ăłçźĄçè æš©éăŸăăŻćçăźăąăŻă»ăčăŹăă«ăéćžžćż èŠă§ăăăăšăćŒ·èȘżăăăăšăéèŠă§ăă
NTLMăăă·ă„ăŻăăźçźçă«ćŻŸăăŠæćčăȘæčæłă§ăăăéçšäžăźă»ăă„ăȘăăŁçç±ăăăé«ćșŠăȘæć·ćæšæșïŒAESïŒKerberosăăŒïŒAES128ăăăłAES256ïŒăäœżçšăăŠăă±ăăăćœé ăăăăšăćŒ·ăæšć„šăăŸăă
äžćșŠ ăŽăŒă«ăăłăă±ăăăæłšć „ăăăăšăć ±æăăĄă€ă« (C$) ă«ăąăŻă»ăčă§ăăă”ăŒăăčăWMIăćźèĄă§ăăăăăpsexec ă wmiexec ăäœżçšăăŠă·ă§ă«ăććŸă§ăăŸăïŒwinrmç”ç±ă§ă·ă§ă«ăććŸăăăăšăŻă§ăăȘăăăă§ăïŒă
ăŽăŒă«ăăłăă±ăăăæ€ćșăăæăäžèŹçăȘæčæłăŻăă±ă«ăăăčăă©ăăŁăăŻăæ€æ»ăăăăšă§ăăăăă©ă«ăă§ăŻăMimikatzăŻTGTă10ćčŽéçœČćăăŸăăăăăŻăăăźćŸăźTGSăȘăŻăšăčăă§ç°ćžžăšăăŠçźç«ăĄăŸăă
Lifetime : 3/11/2021 12:39:57 PM ; 3/9/2031 12:39:57 PM ; 3/9/2031 12:39:57 PM
/startoffset
ă/endin
ăăăăł/renewmax
ăă©ăĄăŒăżăäœżçšăăŠăéć§ăȘăă»ăăăæéăăăăłæ性æŽæ°ćæ°ïŒăăčăŠććäœïŒăć¶ćŸĄăăŸăă
çłăèšłăăăŸăăăăTGTăźæćčæéăŻ4769ăźăă°ă«èšéČăăăŠăăȘăăăăăăźæ ć ±ăŻWindowsă€ăăłăăă°ă«ăŻèŠă€ăăăŸăăăăăăăçžéąăăăăăšăă§ăăăźăŻăćăź4768ăȘăă§4769ăèŠăăăšă§ăăTGTăȘăă§TGSăèŠæ±ăăăăšăŻă§ăăŸăăăTGTăçșèĄăăăèšéČăăȘăć ŽćăăăăăȘăă©ă€ăłă§ćœé ăăăăšæšæžŹă§ăăŸăă
ăăźæ€ćșăćéżăăăăă«ăăă€ă€ăąăłăăă±ăăăçąșèȘăăŠăă ăăïŒ
Diamond Ticket4624: ăąă«ăŠăłăăă°ăȘăł
4672: 知çè ăă°ăȘăł
Get-WinEvent -FilterHashtable @{Logname='Security';ID=4672} -MaxEvents 1 | Format-List âProperty
éČćŸĄè ăă§ăăä»ăźć°ăăȘăăȘăăŻăŻăăăă©ă«ăăźăăĄă€ăłçźĄçè ăąă«ăŠăłăăȘă©ăźææăȘăŠăŒă¶ăŒăźăăă«4769ă«ăąă©ăŒăăćșăăăšă§ăă
AWSăăăăłă°ăćŠăłăç·ŽçżăăïŒHackTricks Training AWS Red Team Expert (ARTE) GCPăăăăłă°ăćŠăłăç·ŽçżăăïŒHackTricks Training GCP Red Team Expert (GRTE)