Linux command

impacket-gettgt command

Common examples

Request a TGT

impacket-gettgt '[domain]/[user]:[password]'

Request a TGT, specifying the domain controller IP address

impacket-gettgt -dc-ip [192.168.1.100] '[domain]/[user]:[password]'

Request a TGT using an NTLM hash

impacket-gettgt -hashes ':[nthash]' '[domain]/[user]'

Request a TGT using an AES key

impacket-gettgt -aesKey '[aes256key]' '[domain]/[user]'

Description

impacket-gettgt requests a Kerberos Ticket Granting Ticket (TGT) from an Active Directory domain controller and saves it to a ccache file that other tools can use for subsequent Kerberos authentication. It is useful when you have valid credentials (password, hash, or AES key) and need to authenticate to Kerberos-enabled services. To use the ticket, set the KRB5CCNAME environment variable to the path of the resulting ccache file.
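
An added example (not part of the original page or of Impacket): a minimal Python reader for the ccache file described above. It reports which principal and ticket the file holds, the validity window, and the session key encryption type, without returning key bytes. It assumes the version 4 ccache layout and reads only the first credential, which is assumed to be the TGT in a file written by impacket-gettgt; `Reader`, `summarize_ccache`, `build_principal` and `SAMPLE` are names made up for this example.

```python
import struct
from datetime import datetime, timezone
ETYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

class Reader:
    def __init__(self, buf):
        self.buf, self.pos = buf, 0

    def take(self, fmt):
        vals = struct.unpack_from(fmt, self.buf, self.pos)  # struct.error if truncated
        self.pos += struct.calcsize(fmt)
        return vals

    def data(self):
        (n,) = self.take(">I")  # 32-bit length, then that many bytes
        return self.take(f">{n}s")[0]

    def principal(self):
        _name_type, count = self.take(">II")
        realm = self.data().decode()
        return "/".join(self.data().decode() for _ in range(count)) + "@" + realm

def summarize_ccache(buf):
    """Identify the first ticket in a version 4 ccache without exposing key material."""
    r = Reader(buf)
    if r.take(">H") != (0x0504,):
        raise ValueError("not a version 4 ccache")
    (hdr_len,) = r.take(">H")
    r.pos += hdr_len  # skip the header tags (KDC time offset)
    default = r.principal()
    client, server = r.principal(), r.principal()  # first credential only
    (etype,) = r.take(">H")
    r.data()  # session key bytes: skipped, never returned
    _auth, start, end, _renew = r.take(">IIII")
    iso = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat()
    return {"default_principal": default, "client": client, "server": server,
            "session_key_etype": ETYPES.get(etype, str(etype)),
            "start": iso(start), "end": iso(end)}

def build_principal(realm, *parts):  # only used to build the constructed sample
    s = lambda b: struct.pack(">I", len(b)) + b
    return struct.pack(">II", 1, len(parts)) + s(realm) + b"".join(s(p) for p in parts)

# Constructed sample, not a real ticket: zeroed key, cut off after the time fields.
SAMPLE = (b"\x05\x04" + struct.pack(">HHHII", 12, 1, 8, 0xFFFFFFFF, 0)
          + build_principal(b"EXAMPLE.LOCAL", b"alice") * 2
          + build_principal(b"EXAMPLE.LOCAL", b"krbtgt", b"EXAMPLE.LOCAL")
          + struct.pack(">HI", 18, 32) + bytes(32)
          + struct.pack(">IIII", 1700000000, 1700000000, 1700036000, 1700604800))
```

To inspect a real file, pass its bytes to `summarize_ccache`, for example the contents of the path stored in KRB5CCNAME.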

Parameters

-hashes LMHASH:NTHASH
Use NTLM hashes for authentication instead of password.
-no-pass
Don't ask for password (useful together with -k).
-k
Use Kerberos authentication; grab credentials from ccache file (KRB5CCNAME).
-aesKey KEY
AES key to use for Kerberos authentication (128 or 256 bits).
-dc-ip IP
IP address of the domain controller (KDC). If omitted, the domain part of the identity is used.
-service SPN
Request a service ticket directly through an AS-REQ for the given SPN.
-principalType TYPE
Principal name type (default NT_PRINCIPAL).
-debug
Enable debug output.

FAQ

How do I run a basic impacket-gettgt example?

Run `impacket-gettgt '[domain]/[user]:[password]'` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
