Compromising Kerberos – the golden-ticket attack

Another set of more sophisticated (and more recent) attacks is the abuse of Microsoft Kerberos vulnerabilities in an Active Directory environment. A successful attack leads to attackers compromising domain controllers and then escalating the privilege to the enterprise admin-and schema admin-level using the Kerberos implementation.

The following are typical steps when a user logs on with a username and password in a Kerberos-based environment:

  1. User's password is converted into an NTLM hash with a timestamp and then it is sent over to the Key Distribution Center (KDC).
  2. Domain controller checks the user information and creates a (Ticket-Granting Ticket (TGT).
  3. This TGT can be accessed only by ...

Get Mastering Kali Linux for Advanced Penetration Testing - Third Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.