module
Kerberos Silver/Golden/Diamond/Sapphire Ticket Forging
| Disclosed |
|---|
| N/A |
Disclosed
N/A
Description
This module forges a Kerberos ticket. Four different techniques can be used:
- Silver ticket: Using a service account hash, craft a ticket impersonating any user and privileges to that account.
- Golden ticket: Using the krbtgt hash, craft a ticket impersonating any user and privileges.
- Diamond ticket: Authenticate to the domain controller, and using the krbtgt hash, copy the PAC from the authenticated user to a forged ticket.
- Sapphire ticket: Use the S4U2Self+U2U trick to retrieve the PAC of another user, then use the krbtgt hash to craft a forged ticket.
- Silver ticket: Using a service account hash, craft a ticket impersonating any user and privileges to that account.
- Golden ticket: Using the krbtgt hash, craft a ticket impersonating any user and privileges.
- Diamond ticket: Authenticate to the domain controller, and using the krbtgt hash, copy the PAC from the authenticated user to a forged ticket.
- Sapphire ticket: Use the S4U2Self+U2U trick to retrieve the PAC of another user, then use the krbtgt hash to craft a forged ticket.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.