Silver Ticket
A silver ticket is signed and encrypted with the hash of the service account, which makes it a valid TGS ticket.
HOST service permission allows creating scheduled tasks on remote computers. The silver ticket needs to be created with the NT hash of the target machine.

With these tickets you can execute WMI in the victim system.

Options | Description |
---|---|
kerberos::golden | Name of the module |
/User:Administrator | Username for which the TGT is generated |
/domain: | Domain FQDN |
/sid: | SID of the domain |
/target: | Target server FQDN |
/service: | The SPN name of the service for which the TGS is to be created |
/aes256: | AES256 keys of the krbtgt account |
/id:500 /groups:512 | Optional user and group RID |
/ptt | Inject the ticket into the current process |
/startoffset:0 | Optional. When the ticket becomes available, in minutes. Use a negative value for a ticket available from the past and a larger number for the future. |
/endin:600 | Optional ticket lifetime in minutes (default is 10 years). The default AD setting is 10 hours = 600 minutes. |
/renewmax:10080 | Optional ticket lifetime with renewal in minutes (default is 10 years). The default AD setting is 7 days = 10080. |
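
A defender-side check built on the /endin and /renewmax entries above, as an added example that is not part of the original page: it parses `klist`-style output and flags cached tickets whose lifetime or renewal window exceeds the AD defaults of 600 and 10080 minutes. The sample text is constructed and abridged, en-US date formatting is assumed, and `parse_tickets`, `suspicious` and the 5-minute tolerance are hypothetical names and values.

```python
import re
from datetime import datetime, timedelta

# AD defaults quoted in the table: 600 min lifetime, 10080 min (7 days) renewal.
MAX_LIFETIME = timedelta(minutes=600)
MAX_RENEW = timedelta(minutes=10080)
SKEW = timedelta(minutes=5)  # assumed tolerance for clock rounding

# Constructed, abridged sample in the layout of Windows `klist` (en-US dates assumed).
SAMPLE_KLIST = """\
#0>     Client: alice @ CORP.EXAMPLE
        Server: krbtgt/CORP.EXAMPLE @ CORP.EXAMPLE
        Start Time: 3/4/2024 9:00:00 (local)
        End Time:   3/4/2024 19:00:00 (local)
        Renew Time: 3/11/2024 9:00:00 (local)
#1>     Client: Administrator @ CORP.EXAMPLE
        Server: HOST/srv01.corp.example @ CORP.EXAMPLE
        Start Time: 3/4/2024 9:05:00 (local)
        End Time:   3/2/2034 9:05:00 (local)
        Renew Time: 3/2/2034 9:05:00 (local)
"""

FIELD = re.compile(r"^\s*(?:#\d+>\s*)?(Client|Server|Start Time|End Time|Renew Time):"
                   r"\s*(.+?)\s*(?:\(local\))?\s*$")

def parse_tickets(text):
    """Split klist-style text into one dict per cached ticket."""
    tickets = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Client":              # a Client line opens a new entry
            tickets.append({})
        if tickets and key.endswith("Time"):
            try:
                value = datetime.strptime(value, "%m/%d/%Y %H:%M:%S")
            except ValueError:           # field present but not a date
                value = None
        if tickets:
            tickets[-1][key] = value
    return tickets

def suspicious(ticket):
    """List the ways a ticket exceeds the domain lifetime policy."""
    start, end, renew = (ticket.get(k) for k in ("Start Time", "End Time", "Renew Time"))
    reasons = []
    if start and end and end - start > MAX_LIFETIME + SKEW:
        reasons.append("lifetime exceeds policy")
    if start and renew and renew - start > MAX_RENEW + SKEW:
        reasons.append("renew window exceeds policy")
    return reasons
```

Lifetime is only one signal: a ticket whose lifetime matches domain policy is not thereby shown to be genuine.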