Stats
Actions
Tags
Guides Pass-the-Ticket (PtT) attacks: extract Kerberos tickets from LSASS memory using Mimikatz/Rubeus, inject for impersonation and lateral movement in red-team exercises.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills-zh:conducting-pass-the-ticket-attackThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
票据传递(PtT)是一种横向移动技术,使用窃取的 Kerberos 票据(TGT 或 TGS)在不知道用户密码的情况下向服务进行认证。通过从已控制主机的内存(LSASS)中提取 Kerberos 票据,攻击者可以将这些票据注入自己的会话,以模拟票据所有者身份并以该用户身份访问资源。
票据传递(PtT)是一种横向移动技术,使用窃取的 Kerberos 票据(TGT 或 TGS)在不知道用户密码的情况下向服务进行认证。通过从已控制主机的内存(LSASS)中提取 Kerberos 票据,攻击者可以将这些票据注入自己的会话,以模拟票据所有者身份并以该用户身份访问资源。
| 工具 | 用途 | 命令 |
|---|---|---|
| Mimikatz | 票据导出/导入 | sekurlsa::tickets /export, kerberos::ptt |
| Rubeus | 票据转储和注入 | dump, ptt, tgtdeleg |
| Impacket ticketConverter | 格式转换 | ticketConverter.py ticket.kirbi ticket.ccache |
| Impacket psexec/smbexec | 使用票据远程执行 | KRB5CCNAME=ticket.ccache psexec.py |
npx claudepluginhub killvxk/cybersecurity-skills-zhGuides conducting Pass-the-Ticket attacks for red-teaming: extract Kerberos tickets from LSASS with Mimikatz/Rubeus, inject for passwordless lateral movement.
Demonstrates Pass-the-Ticket (PtT) lateral movement using stolen Kerberos tickets extracted from LSASS memory with Mimikatz or Rubeus.
Conducts Pass-the-Ticket lateral movement attacks using stolen Kerberos tickets (TGT/TGS). Covers ticket extraction from LSASS, injection, and lateral movement. For red team assessments.