Closed tomkahana closed 6 years ago
TargetName
is not a "KRB-CRED" field. I only display it because it was populated in memory by LSASS.
It's exactly like the "missing" KDC called
field with klist.
In all cases, it's not needed at all to make it works :)
Hi Kiwi! I have windows 10 Enterprise N, using mimikatz 2.1.1. Running mimikatz under admin privileges.
I'm injecting golden ticket by the command: kerberos::golden /admin:user1 /domain:ACME2.COM /sid:S-1-5-21-3657242463-3937142114-3749652718-1428 /krbtgt:6194bd1a5bf3ecd542e8aac9860bddf0 /ticket:acme2.com.kirbi /ptt
It works well and the ticket is injected. However, I noticed that TargetName is not like Service Name, as you can see:
where a real TGT looks like:
I looked at the code and I noticed that _KERB_RETRIEVE_TKT_REQUEST contain TargetName while KERB_SUBMIT_TKT_REQUEST doesn't.
How can I force TargetName to be populated on the injection?
Thank you very much, and let me know additional data you need Tom