xan7r
/ decryptKerbTicket.py
Last active
April 10, 2024 04:29
Decrypt kerberos tickets and parse out authorization data
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # NOTE: this script was created for educational purposes to assist learning about kerberos tickets. | |
| # Likely to have a few bugs that cause it to fail to decrypt some TGT or Service tickets. | |
| # | |
| # Recommended Instructions: | |
| # Obtain valid kerberos tickets using Rubeus or mimikatz "sekurlsa::tickets /export" | |
| # Optionally convert tickets to ccache format using kekeo "misc::convert ccache <ticketName.kirbi>" | |
| # Obtain appropriate aes256 key using dcsync (krbtgt for TGT or usually target computer account for Service Ticket) | |
| # Run this script to decrypt: | |
| # ./decryptKerbTicket.py -k 5c7ee0b8f0ffeedbeefdeadbeeff1eefc7d313620feedbeefdeadbeefafd601e -t ./Administrator@TESTLAB.LOCAL_krbtgt~TESTLAB.LOCAL@TESTLAB.LOCAL.ccaches |
loilo
/ get-local-iso-string.js
Last active
September 12, 2023 07:39
ISO 8601 date string – like Date.prototype.toISOString(), but with local timezone offset
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function getLocalISOString(date) { | |
| const offset = date.getTimezoneOffset() | |
| const offsetAbs = Math.abs(offset) | |
| const isoString = new Date(date.getTime() - offset * 60 * 1000).toISOString() | |
| return `${isoString.slice(0, -1)}${offset > 0 ? '-' : '+'}${String(Math.floor(offsetAbs / 60)).padStart(2, '0')}:${String(offsetAbs % 60).padStart(2, '0')}` | |
| } |
alexisrolland
/ Install Kerberos in Docker
Last active
May 28, 2024 10:53
Example of commands to install and use Kerberos in Docker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install Kerberos in Linux based Docker image | |
| $ export DEBIAN_FRONTEND=noninteractive | |
| $ apt-get install -y krb5-user libpam-krb5 | |
| $ kinit <account>@<COMPANY>.ORG | |
| $ klist | |
| # Create keytab file | |
| $ ktutil | |
| $ addent -password -p <account>@<COMPANY>.ORG -k 1 -e arcfour-hmac | |
| $ write_kt <account>.keytab |
OlderNewer