Kerberos Silver Ticket Attack Explained
Вставка
- Опубліковано 14 лис 2021
- I'm finally back and continuing with the Kerberos videos I promised you ages ago. This time we're looking at the silver ticket attack, which lets us pretend to be domain admin for a specific service.
Here are the previous videos I mentioned:
Kerberos explained: • Kerberos Explained (In...
Kerberoasting: • Impacket GetUserSPNs &...
Golden ticket attack: • Kerberos Golden Ticket...
Tools I mentioned:
Rubeus: github.com/GhostPack/Rubeus
The Rubeus GUI I'm working on: github.com/VbScrub/Rubeus-GUI
My GetDomainSID tool: github.com/VbScrub/GetDomainSID - Наука та технологія
Here are the previous videos I mentioned:
Kerberos explained: ua-cam.com/video/snGeZlDQL2Q/v-deo.html
Kerberoasting: ua-cam.com/video/xH5T9-m9QXw/v-deo.html
Golden ticket attack: ua-cam.com/video/o98_eRt777Y/v-deo.html
Tools I mentioned:
Rubeus: github.com/GhostPack/Rubeus
The Rubeus GUI I'm working on: github.com/VbScrub/Rubeus-GUI
My GetDomainSID tool: github.com/VbScrub/GetDomainSID
you don't know how much I appreciate your content, it's amazing... not only your way of explaining but the simplicity with which you do it, thanks Vbscrub!
Always nice to hear, thanks!
Good explanation, thanks! Also your voice and video editing is chilling and enjoyable.
thanks, glad to hear that
Good to see you back VBScrub!
im learning to the oscp exam, and your realy helping me ty so much i realy love they way you explain!
By the way, your videos about windows are amazing,.
Welcome back, mate!
This video is not in the tutorials playlist of yours.
Thanks for all the videos!
Awesome stuff!
Welcome back!
Very informative, If you can complete the gui tool on the golden ticket , that’s something cool
yeah sorry, I actually did like 99% of the work to get the golden ticket part of the tool working but then just never got round to fully testing it so wasn't comfortable with releasing it
thanks, very helpful
thank you
helpful for your new box thanks :p
haha shhh no spoilers
Is that something that you found regularly during assessments? (User accounts with weak passwords instead of GMSA)
i tested this method but i couldn't access to plain text with hashcat has it another way to access to silver ticket without hash crack?
If I am able to crack the service account hash via kerberoasting and authenticate to the sqlservice, what's the purpose of creating a "fake account" that enable us to log in into the sql service?
Thx
I tried to reproduce the steps you did in this video but I cannot login from remote computer. Did you use stock MSSQL configuration or you had to setup MSSQL?
I think all I did was enable TCP connections in the SQL connection manager thing and allow the SQL port through the windows firewall on the server
Would you tell us a machine in HTB that can apply the knowledge learn in this video ?
I've seen kerberoasting in a few HTB machines (one called Active) but haven't actually seen silver tickets in any of the ones I've done. Bear in mind I've only done about 15 HTB machines though
Scrambled
Easy way to find sid "whoami /user" good explanation though
if you're running a reverse shell on a domain joined machine sure, but this is obviously not for that scenario