Linux command
gettgt.py 命令
网络
复制后可按需替换文件名、目录或参数。
常用示例
Get TGT for
getTGT.py [domain]/[username]:[password] -dc-ip [dc_ip]
Using NTLM hash
getTGT.py [domain]/[username] -hashes :[ntlm_hash] -dc-ip [dc_ip]
Using AES key
getTGT.py [domain]/[username] -aesKey [aes_key] -dc-ip [dc_ip]
Save to file
getTGT.py [domain]/[username]:[password] -dc-ip [dc_ip] -o [ticket.ccache]
说明
getTGT.py is an Impacket tool that requests Kerberos TGT (Ticket Granting Tickets) from Active Directory domain controllers. It authenticates using passwords, hashes, or AES keys. The tool obtains tickets for use in Kerberos-based attacks or legitimate authentication. Tickets can be exported in ccache format for use with other tools. getTGT.py enables Kerberos ticket acquisition in penetration testing.
参数
- -dc-ip _IP_
- Domain controller IP.
- -hashes _LMHASH:NTHASH_
- NTLM hashes.
- -aesKey _KEY_
- AES encryption key.
- -o _FILE_
- Output file.
- --help
- Display help information.
FAQ
What is the gettgt.py command used for?
getTGT.py is an Impacket tool that requests Kerberos TGT (Ticket Granting Tickets) from Active Directory domain controllers. It authenticates using passwords, hashes, or AES keys. The tool obtains tickets for use in Kerberos-based attacks or legitimate authentication. Tickets can be exported in ccache format for use with other tools. getTGT.py enables Kerberos ticket acquisition in penetration testing.
How do I run a basic gettgt.py example?
Run `getTGT.py [domain]/[username]:[password] -dc-ip [dc_ip]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -dc-ip _IP_ do in gettgt.py?
Domain controller IP.