.. / Impacket-PsExec-PassTheTicket
Star

Impacket’s psexec.py offers psexec like functionality. This will give you an interactive shell on the Windows host. psexec.py also allows using Service Tickets, saved as a ccache file for Authentication. It can be obtained via Impacket’s GetST.py

Command Reference:

Target IP: 10.10.10.1

Domain: test.local

Username: john

Command:

export KRB5CCNAME=/full/path/to/john.ccache; python3 psexec.py test.local/john@10.10.10.1 -k -no-pass

References:

https://github.com/SecureAuthCorp/impacket/blob/master/examples/psexec.py

https://www.sans.org/blog/psexec-python-rocks/

https://book.hacktricks.xyz/windows/active-directory-methodology/pass-the-ticket#pass-the-ticket-attack

.. / Impacket-PsExec-PassTheTicket Star if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

.. / Impacket-PsExec-PassTheTicket
Star