Some scripts to abuse Kerberos using PowerShell. See the how-to-use video (thanks to @BRIPWN):
Small tool for injecting Kerberos tickets. Supports two work modes:
- Mode 1: read the ticket from a kirbi file
- Mode 2: read the ticket from a base64 string
Examples:
.\injector.ps1 1 A:\SSD\Share\ticket.kirbi
.\injector.ps1 2 "doi.....q"
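Mode 2 passes the whole ticket as a command-line argument, so where command-line or script-block logging is enabled the blob is recorded with the process. As an added example for defenders (not part of this project's code), the Python below flags logged strings whose base64 decodes to a KRB-CRED header, the structure a .kirbi file holds; the function names, length threshold, sample blob and log lines are all constructed for illustration.

```python
import base64
import re

# Runs of base64 text long enough to hold a KRB-CRED header (threshold is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# pvno [0] INTEGER 5, msg-type [1] INTEGER 22 (RFC 4120 KRB-CRED), DER-encoded.
CRED_FIELDS = bytes.fromhex("a003020105a103020116")

def _value_start(buf, pos, want_tag):
    """Offset of the DER value at pos, or raise ValueError if the tag differs."""
    if buf[pos] != want_tag:
        raise ValueError("unexpected tag")
    first = buf[pos + 1]
    return pos + 2 + (first & 0x7F if first & 0x80 else 0)

def looks_like_krb_cred(raw):
    """True if raw begins [APPLICATION 22] SEQUENCE { pvno 5, msg-type 22, ..."""
    try:
        pos = _value_start(raw, 0, 0x76)      # [APPLICATION 22]
        pos = _value_start(raw, pos, 0x30)    # SEQUENCE
    except (IndexError, ValueError):
        return False
    return raw[pos:pos + len(CRED_FIELDS)] == CRED_FIELDS

def find_ticket_blobs(text):
    """(offset, length) of each base64 run whose first bytes decode to a KRB-CRED header."""
    hits = []
    for m in B64_RUN.finditer(text):
        head = m.group(0).rstrip("=")[:32]            # 24 decoded bytes cover the header
        raw = base64.b64decode(head[:len(head) // 4 * 4])
        if looks_like_krb_cred(raw):
            hits.append((m.start(), len(m.group(0))))
    return hits

def flagged_lines(lines):
    """Indexes of log lines that carry at least one ticket-shaped blob."""
    return [i for i, line in enumerate(lines) if find_ticket_blobs(line)]

# Constructed sample: a KRB-CRED-shaped header padded with zero bytes, not a real ticket.
_body = CRED_FIELDS + b"\x00" * 300
_seq = b"\x30\x82" + len(_body).to_bytes(2, "big") + _body
SAMPLE_B64 = base64.b64encode(b"\x76\x82" + len(_seq).to_bytes(2, "big") + _seq).decode()

# Constructed command lines, reusing the script name and modes from this README.
SAMPLE_LINES = [
    r"powershell.exe -File .\injector.ps1 1 A:\SSD\Share\ticket.kirbi",
    r'powershell.exe -File .\injector.ps1 2 "' + SAMPLE_B64 + '"',
    "powershell.exe -EncodedCommand " + base64.b64encode("Get-Date".encode("utf-16-le") * 3).decode(),
]

if __name__ == "__main__":
    for i in flagged_lines(SAMPLE_LINES):
        print("ticket material on command line:", SAMPLE_LINES[i][:60], "...")
```

Only the first 24 decoded bytes are inspected, so a blob truncated by the logging pipeline still matches, and the unrelated base64 in the third line is not flagged.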
This tool allows you to dump Kerberos tickets from the LSA cache. Implemented via Add-Type.
If the tool is run as a privileged user, it will automatically obtain NT AUTHORITY\SYSTEM privileges and then dump all tickets. If the tool is run as a non-privileged user, it will only dump tickets from the current logon session.
Examples:
.\dumper.ps1