
Kerberos Golden Ticket PAC Updates for the Nov2021 Microsoft Updates

Open JoeDibley opened this issue 3 years ago • 3 comments

New switch for Golden::Kerberos /oldpac for original behavior for unpatched domain controllers (or patched domain controllers where PacRequestorEnforcement = 0 or 1).

New fields added:

  • UPN_DNS_INFO
  • PAC_REQUESTOR
  • PAC_ATTRIBUTE_INFO

Requires #368 to build without warnings.

JoeDibley avatar Nov 23 '21 16:11 JoeDibley

Interesting PR :) Looks like PAC_ATTRIBUTES_INFO is not declared though. Shouldn't it be created like in your other closed PR? https://github.com/gentilkiwi/mimikatz/pull/379/files#diff-ab813c3eae657d6a046ca00057a7a32bf229a161f9f957821468bc195c870f84R32-R40

cnotin avatar Feb 24 '22 17:02 cnotin

@cnotin Thanks for this. Looks like I lost the changes when making the merge more presentable. I have amended the commit to now include the changes in kull_m_rpc_ms-pac.h, as it looks like I just missed the file completely. This should now be ready to go.

JoeDibley avatar Feb 25 '22 10:02 JoeDibley

It compiles and works fine now, even against PacRequestorEnforcement=2.

cnotin avatar Feb 25 '22 15:02 cnotin
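
For analysts inspecting a decrypted PAC, the following added example (not part of this thread or of the mimikatz code base) walks the PACTYPE buffer directory defined in MS-PAC and reports which of the three fields named in this PR are absent, which is what an old-style PAC looks like. The function names and the sample PAC bytes are constructed for illustration; the `ulType` values are taken from the MS-PAC specification.

```python
import struct

# ulType values of PAC_INFO_BUFFER, per the MS-PAC specification
PAC_BUFFER_TYPES = {
    0x01: "LOGON_INFO", 0x02: "CREDENTIALS_INFO", 0x06: "SERVER_CHECKSUM",
    0x07: "KDC_CHECKSUM", 0x0A: "CLIENT_INFO", 0x0B: "S4U_DELEGATION_INFO",
    0x0C: "UPN_DNS_INFO", 0x0D: "CLIENT_CLAIMS", 0x0E: "DEVICE_INFO",
    0x0F: "DEVICE_CLAIMS", 0x10: "TICKET_CHECKSUM",
    0x11: "PAC_ATTRIBUTES_INFO", 0x12: "PAC_REQUESTOR",
}
# The fields this PR adds to the PAC
NEW_FIELDS = ("UPN_DNS_INFO", "PAC_REQUESTOR", "PAC_ATTRIBUTES_INFO")

def parse_pac_directory(pac: bytes):
    """Return [(name, size, offset)] for every buffer listed in a decrypted PAC."""
    if len(pac) < 8:
        raise ValueError("shorter than the PACTYPE header")
    count, version = struct.unpack_from("<II", pac, 0)
    directory_end = 8 + 16 * count
    if version != 0 or directory_end > len(pac):
        raise ValueError("bad PACTYPE version or truncated buffer directory")
    entries = []
    for i in range(count):
        # PAC_INFO_BUFFER: ulType (4 bytes), cbBufferSize (4), Offset (8)
        ul_type, size, offset = struct.unpack_from("<IIQ", pac, 8 + 16 * i)
        if offset % 8 or offset < directory_end or offset + size > len(pac):
            raise ValueError(f"buffer {i}: misaligned or out-of-range offset")
        name = PAC_BUFFER_TYPES.get(ul_type, f"UNKNOWN_0x{ul_type:X}")
        entries.append((name, size, offset))
    return entries

def missing_new_fields(pac: bytes):
    """List the fields from NEW_FIELDS that the PAC does not carry."""
    present = {name for name, _, _ in parse_pac_directory(pac)}
    return [field for field in NEW_FIELDS if field not in present]

def build_sample_pac(types):
    """Constructed test input: a PAC directory with 8 zero bytes per buffer."""
    header_len = 8 + 16 * len(types)
    pac = struct.pack("<II", len(types), 0)
    for i, ul_type in enumerate(types):
        pac += struct.pack("<IIQ", ul_type, 8, header_len + 8 * i)
    return pac + b"\x00" * (8 * len(types))

if __name__ == "__main__":
    old_style = build_sample_pac([0x01, 0x0A, 0x06, 0x07])
    new_style = build_sample_pac([0x01, 0x0A, 0x0C, 0x11, 0x12, 0x06, 0x07])
    print("old-style PAC is missing:", missing_new_fields(old_style))
    print("new-style PAC is missing:", missing_new_fields(new_style))
```

The input is the PAC after the ticket's enc-part has been decrypted and the authorization data unwrapped; the example does not decrypt tickets or verify the PAC checksums.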