This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Pass-the-ticket
Pass-the-ticket

Version management

Difference between version and

At line 1 added 18 lines
!!! Overview[1]
[{$pagename}] ([PtT]) is an [Authentication Method] using [Kerberos] tickets without having access to an account's [password].
[{$pagename}] is a [Kerberos Forged Ticket] [Attack].
[Kerberos] [authentication] can be used as the first step to lateral movement to a remote system.
In this technique, valid [Kerberos] tickets for Legitimate [Credentials] are captured by [Credential] Dumping. A user's [Service Tickets] or [Ticket Granting Ticket] ([TGT]) may be obtained, depending on the level of access. A service ticket allows for access to a particular [resource], whereas a [TGT] can be used to request service tickets from the [Ticket Granting Service] ([TGS]) to access any [resource] the user has [privileges] to access.
[Silver Tickets] can be obtained for services that use [Kerberos] [Authentication Method] and are used to generate tickets to access that particular [resource] and the system that hosts the resource (e.g., SharePoint).2
[Golden Tickets] can be obtained for the [AD DOMAIN] using the [KRBTGT] account [NTLM] [hash], which enables generation of [TGTs] for any account in [Microsoft Active Directory]
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Pass the Ticket|https://attack.mitre.org/wiki/Technique/T1097|target='_blank'] - based on information obtained 2017-05-25-
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop