From 75908c5934cd5a62982d69a7d16337a56636108b Mon Sep 17 00:00:00 2001 From: CPol Date: Mon, 18 Apr 2022 15:59:47 +0000 Subject: [PATCH] GitBook: [#3104] No subject --- linux-unix/privilege-escalation/linux-active-directory.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/linux-unix/privilege-escalation/linux-active-directory.md b/linux-unix/privilege-escalation/linux-active-directory.md index 1057e1e1f..f8773eab6 100644 --- a/linux-unix/privilege-escalation/linux-active-directory.md +++ b/linux-unix/privilege-escalation/linux-active-directory.md @@ -4,6 +4,10 @@ A linux machine can also be present inside an Active Directory environment. A linux machine in an AD might be **storing different CCACHE tickets inside files. This tickets can be used and abused as any other kerberos ticket**. In order to read this tickets you will need to be the user owner of the ticket or **root** inside the machine. +### General enumeration + +If you have access over an AD in linux (or bash in Windows) you can try [https://github.com/lefayjey/linWinPwn](https://github.com/lefayjey/linWinPwn) to enumerate the AD. + ### Pass The Ticket In this page you are going to find different places were you could **find kerberos tickets inside a linux host**, in the following page you can learn how to transform this CCache tickets formats to Kirbi (the format you need to use in Windows) and also how to perform a PTT attack: