Forge Golden Ticket
MITRE ATT&CK, Credential Access, Technique T1558.001
A Golden Ticket attack is one in which an adversary gains control over the Active Directory Key Distribution Service Account (KRBTGT) and uses that account to forge valid Kerberos tickets. A golden ticket will allow you to persist in an environment almost indefinitely.
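From the detection side, a forged TGT was never issued by a domain controller, so service ticket requests (Security event 4769) arrive with no TGT request (event 4768) on record for that account and client. The following Python sketch of that correlation is an added example, not part of the original page; the event tuples are constructed sample data and the 10-hour lifetime assumes the default domain Kerberos policy.

```python
from datetime import datetime, timedelta

# Windows Security event IDs logged on domain controllers.
TGT_ISSUED = 4768   # Kerberos authentication ticket (TGT) requested
TGS_ISSUED = 4769   # Kerberos service ticket requested

# Assumption: the domain uses the default 10-hour maximum TGT lifetime.
MAX_TGT_LIFETIME = timedelta(hours=10)

# Constructed sample events: (time, event id, account, client address).
SAMPLE_EVENTS = [
    ("2024-05-01T08:00:00", 4768, "alice", "10.0.0.21"),
    ("2024-05-01T08:00:05", 4769, "alice", "10.0.0.21"),
    ("2024-05-01T09:30:00", 4769, "svc-backup", "10.0.0.77"),  # no TGT on record
    ("2024-05-01T19:00:00", 4769, "alice", "10.0.0.21"),       # TGT is 11 hours old
    ("2024-05-01T19:05:00", 4768, "bob", "10.0.0.30"),
    ("2024-05-01T19:06:00", 4769, "bob", "10.0.0.99"),         # TGT went to another host
]


def find_orphan_tgs(events, lifetime=MAX_TGT_LIFETIME):
    """Return 4769 events that have no 4768 for the same account and
    client address inside the preceding TGT lifetime window."""
    last_tgt = {}   # (account, client) -> time of the most recent 4768
    orphans = []
    for ts, event_id, account, client in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (account.lower(), client)
        if event_id == TGT_ISSUED:
            last_tgt[key] = when
        elif event_id == TGS_ISSUED:
            issued = last_tgt.get(key)
            # Flag when no TGT was ever seen, or the last one has expired.
            if issued is None or when - issued > lifetime:
                orphans.append((ts, account, client))
    return orphans


if __name__ == "__main__":
    for ts, account, client in find_orphan_tgs(SAMPLE_EVENTS):
        print(f"{ts} TGS request without matching TGT: {account} from {client}")
```

Renewed tickets and sessions that began before log collection started also match this rule, so treat hits as leads to investigate rather than confirmed forgeries.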
Prerequisites for creating a Golden Ticket:
- The NT hash of the krbtgt account. This can be obtained from running secretsdump.py on the Domain Controller.
- Domain SID. This can be obtained by using LookupSID.py on the Domain Controller.
- Domain name. This can be gathered by querying it on the Domain Controller or will have been gathered throughout the penetration test.
- Username to impersonate. This should be a valid user on the domain.
Creating a Golden Ticket on Linux with Impacket
1. Use ticket.py to customize, sign, and save the ticket:
2. Export the ticket:
3. Authenticate with the created ticket to the domain controller: