Added the EncPart param to Request-SPNTicket #180

Merged
merged 1 commit into from Sep 6, 2016

machosec commented Aug 25, 2016

Added new functionality to the Request-SPNTicket function which extracts the encrypted part of the service ticket from the request stream.
The returned hex string is the encrypted portion that can be brute-forced with Kerberoast/Hashcat/JtR to recover the service account's password and create Silver Tickets.
This saves the need to use Mimikatz to dump the ticket (.kirbi file) from memory and parse it later offline.
The functionality has been tested on Win7, Win10 and Server 2012 with various SPNs.

Matan Hart
Add the EncPart param to Request-SPNTicket
Adds the ability to return the encrypted part of the ticket. 
This portion is the encrypted data that can be brute-forced with Kerberoast/Hashcat/JtR
mubix commented Aug 25, 2016

Awesome!!!!!!!!!!!!!!!!!!

HarmJ0y merged commit 01a289e into PowerShellMafia:dev Sep 6, 2016

HarmJ0y commented Sep 6, 2016

Great stuff! Landed.
