
Ask for a TGS on behalf of another user without a password

Primary Language: Pascal

GIUDA

Get a TGS on behalf of another user without a password

Scenario: you are Local Administrator and there is a logged-on user you want to impersonate.

Goal: from Local Admin to Domain Admin with a Kerberos TGS.

Required: Local Administrator and a Domain Admin logged on (or disconnected).

In this guide the Domain Admin user is CALIPENDULA\fagiolo.

  1. Ask GIUDA for a shell as SYSTEM:

       GIUDA -runaslsass

     or

       GIUDA -runaspid:PID

     (PID is the PID of a process running as NT AUTHORITY\SYSTEM; enumerate it yourself.)

  2. Ask GIUDA to show the LUIDs of all logged-on users:

       GIUDA -askluids

  3. Take the LUID that you want to impersonate and ask GIUDA to get the msdsspn that you want.

  4. Use PSSession to log on to the Domain Controller.

Thanks

Thank you to ewan22, who makes a very powerful set of Pascal units for AD.