Kerberos (88)

Impacket - getTGT

getTGT.py -dc-ip 10.10.11.45 domain.htb/GMSA01$ -hashes NTLM_hash
Impacket for Exegol - v0.10.1.dev1+20240403.124027.3e5f85b - Copyright 2022 Fortra - forked by ThePorgs

[*] Saving ticket in GMSA01$.ccache

getTGT.py -dc-ip 10.10.11.45 domain.htb/user:pass

export KRB5CCNAME=FS01\$.ccache

-k option in most tools (bloodyAD, etc) to use kerberos authent

Clock Synchronization

KRB_AP_ERR_SKEW(Clock skew too great)

Detect clock skew automatically with nmap

$ nmap -sV -sC 10.10.10.10
clock-skew: mean: -1998d09h03m04s, deviation: 4h00m00s, median: -1998d11h03m05s

Compute yourself the difference between the clocks

nmap -sT 10.10.10.10 -p445 --script smb2-time -vv

Fix #1: Modify your clock

┌──(kali㉿kali)-[~]
└─$ sudo ntpdate dc.domain.local

rdate -n [IP of Target]

 sudo date -s "14 APR 2015 18:25:16" # Linux 
 net time /domain /set # Windows

Fix #2: Fake your clock

faketime -f '+8h' date

Fix #3: Disable the Network Time Protocol from auto-updating

timedatectl set-ntp off

Fixing the “Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)” Issue While KerberoastingMedium

Kerberos Relay Attacks

SMB (445, 139) / RPC Network Attacks

From NTLM relay to Kerberos relay: Everything you need to knowDecoder's Blog

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

Nmap Network Scanning The official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book by Nmap's original author suits all levels of security and networking professionals.
The Art of Network Penetration Testing A guide to simulating an internal security breach. You’ll take on the role of the attacker and work through every stage of a professional pentest, from information gathering to seizing control of a system and owning the network.
Network Basics for Hackers The book offers one of the most complete and in-depth analyses of Wi-Fi and Bluetooth networks, then progresses through the various protocols such as DNS, ARP, SMTP, and others.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.

PreviousIPsec / IKE VPN (500 UDP)NextLDAP (389)

Last updated 7 months ago

hashtagImpacket - getTGT

hashtagClock Synchronization

hashtagFix #1: Modify your clock

hashtagFix #2: Fake your clock

hashtagFix #3: Disable the Network Time Protocol from auto-updating

hashtagKerberos Relay Attacks

hashtagInteresting Books

hashtagSupport this Gitbook