.. / Impacket-SilverTicket

Impacket’s ticketer.py can perform Silver Ticket attacks, which crafts a valid TGS ticket for a specific service using a valid user’s NTLM hash. It is then possible to gain access to that service. The following command crafts a TGS for the SMB service, which can then be used to gain a shell.

Command Reference:

Target IP:

Domain: test.local

Username: john

Hash: b18b4b218eccad1c223306ea1916885f

Domain SID: S-1-5-21-1339291983-1349129144-367733775

SMB Service: cifs
Command: Copy References: