@adfoster-r7
Last active January 27, 2023 19:30
flowchart RL
  subgraph legend ["Legend"]
    subgraph legendEdges [" "]
        start1[ ] -.->|Existing support| stop1[ ]
        start2[ ] -->|New in Metasploit 6.3| stop2[ ]
    end
    subgraph legendNodes [" "]
        NODE1[What you have]
        NODE2((Service))
    end
  end

  style authenticationMethods fill:transparent,stroke:transparent
  style legendEdges fill:transparent,stroke:transparent
  style legendNodes fill:transparent,stroke:transparent

  subgraph authenticationMethods ["Metasploit's Authentication Methods"]
    PT[Plaintext\nCredentials] -.->|"Via MD4()"| NTLM[NTLM Hash]
    PT -->|Via KDC| TGT["Kerberos\nTicket-Granting-Ticket\n(TGT)"]
    PT -.->|Via\nSimple\nBind| LDAP
    PT -.->|Via\nBasic\nAuth| HTTP

    subgraph New Metasploit 6.3 Authorization Workflows
      KRBTGT[krbtgt\nAccount\nSecrets] -->|Via Golden Ticket| TGT
      TGT -->|Via KDC| TGS["Kerberos\nTicket-Granting-Service\n(TGS)"]
      KRBSVC[Service\nAccount\nSecrets] -->|Via Silver Ticket| TGS
      KRBMCN[Machine\nAccount\nSecrets] -->|Via Silver Ticket| TGS
      CERT -->|Via PKINIT| TGT
    end

    NTLM -->|Via AD CS| CERT[Certificate]
    NTLM  -.-> HTTP((HTTP))
    NTLM  --> LDAP((LDAP))
    NTLM  -.-> MSSQL((MSSQL))
    NTLM  -.-> SMB((SMB))
    NTLM  -.-> WinRM((WinRM))
    NTLM  --> TGT
    TGS --> HTTP
    TGS --> LDAP
    TGS --> MSSQL
    TGS --> SMB
    TGS --> WinRM

    subgraph Windows Services
      HTTP
      LDAP
      MSSQL
      SMB
      WinRM
    end
  end