#!/usr/bin/env python2
# NOTE: this script was created for educational purposes to assist learning about kerberos tickets.
# Likely to have a few bugs that cause it to fail to decrypt some TGT or Service tickets.
#
# Recommended Instructions:
# Obtain valid kerberos tickets using Rubeus or mimikatz "sekurlsa::tickets /export"
# Optionally convert tickets to ccache format using kekeo "misc::convert ccache <ticketName.kirbi>"
# Obtain appropriate aes256 key using dcsync (krbtgt for TGT or usually target computer account for Service Ticket)
# Run this script to decrypt:
# ./decryptKerbTicket.py -k 5c7ee0b8f0ffeedbeefdeadbeeff1eefc7d313620feedbeefdeadbeefafd601e -t ./Administrator@TESTLAB.LOCAL_krbtgt~TESTLAB.LOCAL@TESTLAB.LOCAL.ccaches

function getLocalISOString(date) {
  const offset = date.getTimezoneOffset()
  const offsetAbs = Math.abs(offset)
  const isoString = new Date(date.getTime() - offset * 60 * 1000).toISOString()
  return `${isoString.slice(0, -1)}${offset > 0 ? '-' : '+'}${String(Math.floor(offsetAbs / 60)).padStart(2, '0')}:${String(offsetAbs % 60).padStart(2, '0')}`
}

# Install Kerberos in Linux based Docker image
$ export DEBIAN_FRONTEND=noninteractive
$ apt-get install -y krb5-user libpam-krb5
$ kinit <account>@<COMPANY>.ORG
$ klist
# Create keytab file (addent and write_kt are entered at the interactive ktutil prompt, not the shell)
# Note: arcfour-hmac is the RC4 enctype, which RFC 8429 deprecates
$ ktutil
ktutil:  addent -password -p <account>@<COMPANY>.ORG -k 1 -e arcfour-hmac
ktutil:  write_kt <account>.keytab