Use Alternate Authentication Material
Application Access Token
Pass the Hash
Overpass The Hash/Pass The Key (PTK)
Impacket
Request the TGT with hash
Request the TGT with aesKey (more secure encryption, probably more stealth due is the used by default by Microsoft)
Request the TGT with password
Set the TGT for impacket use
Execute remote commands with any of the following by using the TGT
Rubeus and PsExec
Ask and inject the ticket
Execute a cmd in the remote machine
Pass the Ticket
Pass The Ticket (PTT)
Harvest tickets from Linux
Check type and location of tickets:
If none return, default is
FILE:/tmp/krb5cc_%{uid}
.In case of file tickets, you can copy-paste (if you have permissions) for use them.
Harvest tickets from Windows
After dump with Rubeus tickets in base64, to write the in a file
Using ticket in Linux:
Set the ticket for impacket use
Execute remote commands with any of the following by using the TGT
Using ticket in Windows
Web Session Cookie
Last updated
Was this helpful?