Skip to Main Content
Mastering Kali Linux for Advanced Penetration Testing - Third Edition
book

Mastering Kali Linux for Advanced Penetration Testing - Third Edition

by Vijay Kumar Velu, Robert Beggs
January 2019
Intermediate to advanced content levelIntermediate to advanced
548 pages
12h 7m
English
Packt Publishing
Content preview from Mastering Kali Linux for Advanced Penetration Testing - Third Edition

Compromising Kerberos – the golden-ticket attack

Another set of more sophisticated (and more recent) attacks is the abuse of Microsoft Kerberos vulnerabilities in an Active Directory environment. A successful attack leads to attackers compromising domain controllers and then escalating the privilege to the enterprise admin-and schema admin-level using the Kerberos implementation.

The following are typical steps when a user logs on with a username and password in a Kerberos-based environment:

  1. User's password is converted into an NTLM hash with a timestamp and then it is sent over to the Key Distribution Center (KDC).
  2. Domain controller checks the user information and creates a (Ticket-Granting Ticket (TGT).
  3. This TGT can be accessed only by ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Mastering Kali Linux for Advanced Penetration Testing, Second Edition - Second Edition

Mastering Kali Linux for Advanced Penetration Testing, Second Edition - Second Edition

Vijay Kumar Velu
Kali Linux 2018: Assuring Security by Penetration Testing - Fourth Edition

Kali Linux 2018: Assuring Security by Penetration Testing - Fourth Edition

Shiva V. N. Parasram, Alex Samm, Damian Boodoo, Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Publisher Resources

ISBN: 9781789340563Supplemental Content