Golden Ticket Attack confusion (Kerberos)

Background:

A Golden Ticket Attack involves forging TGTs by using the krbtgt account’s password hash. Each TGT is encrypted using this hash. This attack is regarded as being very difficult to pull off.

Each TGS is encrypted using the hash for a service account. In Kerberoasting, an attacker is able to extract the service account’s hash & then attempts to crack it.

You can’t crack the krbtgt hash because the password is way too complicated.

Question:

Why can’t you just extract the krbtgt hash from any TGT, & then use that for a Golden Ticket Attack (similarly to how you extract other accounts’ hashes from a TGS via Kerberoasting)?

A Golden Ticket Attack only requires the krbtgt hash & not the clear-text password, so why is this difficult?

I’m definitely missing something, so I’d appreciate any help figuring this out!

submitted by /u/Agent-BTZ

from hacking: security in practice https://ift.tt/XuhHvRU
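The question above asks why the krbtgt key cannot simply be read out of a TGT. As an added example (not part of the post), this stdlib-only Python model shows the answer: a ticket is ciphertext under a key derived from the account's password, so Kerberoasting recovers a service account's key only by guessing that password offline, and the same guessing fails against krbtgt's long random password. The realm, account names, wordlist and the cipher itself are constructed stand-ins, not real Kerberos data or the real AES-CTS-HMAC-SHA1-96 enctype.

```python
# Added example, not from the original post: a simplified model of why a ticket
# never leaks the key that encrypted it. Kerberos AES enctypes derive the account
# key from its password (PBKDF2-HMAC-SHA1, 4096 iterations, salt = REALM+principal,
# RFC 3962; the final DK() step is omitted) and encrypt the ticket under that key.
# The cipher below is a stand-in (HMAC-SHA256 keystream + 96-bit HMAC tag), not AES-CTS.
import hashlib, hmac, os, secrets

def string_to_key(password: str, realm: str, principal: str) -> bytes:
    salt = (realm + principal).encode()
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, 4096, 16)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_ticket(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:12]
    return nonce + body + tag

def decrypt_ticket(key: bytes, ticket: bytes):
    # Returns the plaintext when the key verifies the tag, otherwise None.
    nonce, body, tag = ticket[:16], ticket[16:-12], ticket[-12:]
    if not hmac.compare_digest(hmac.new(key, nonce + body, hashlib.sha256).digest()[:12], tag):
        return None
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))

def recover_password(ticket: bytes, realm: str, principal: str, wordlist):
    # Offline guessing is the only path from ciphertext to key: re-derive and verify.
    for candidate in wordlist:
        if decrypt_ticket(string_to_key(candidate, realm, principal), ticket) is not None:
            return candidate
    return None

REALM = "CORP.EXAMPLE"                                   # constructed sample values
WORDLIST = ["Password1", "Summer2024!", "Welcome123"]
SVC_KEY = string_to_key("Summer2024!", REALM, "svc_sql")            # weak, human-chosen
KRBTGT_KEY = string_to_key(secrets.token_hex(32), REALM, "krbtgt")  # long, random
TGS = encrypt_ticket(SVC_KEY, b"TGS for svc_sql/db01")
TGT = encrypt_ticket(KRBTGT_KEY, b"TGT for alice")

def demo() -> dict:
    return {"key_inside_tgt": KRBTGT_KEY in TGT,                           # False
            "svc_guess": recover_password(TGS, REALM, "svc_sql", WORDLIST),   # "Summer2024!"
            "krbtgt_guess": recover_password(TGT, REALM, "krbtgt", WORDLIST)}  # None
```

The defensive corollary is the same asymmetry: a service account with a long random password (a gMSA, for example) resists this offline guessing exactly as krbtgt does.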