Kerberos Golden Ticket PAC Updates for the Nov2021 Microsoft Updates

gentilkiwi / mimikatz

A little tool to play with Windows security

http://blog.gentilkiwi.com/mimikatz

18.99k stars 3.62k forks source link

Kerberos Golden Ticket PAC Updates for the Nov2021 Microsoft Updates #380

Open JoeDibley opened 2 years ago

JoeDibley commented 2 years ago

New switch for Golden::Kerberos /oldpac for original behavior for unpatched domain controllers (or patched domain controllers where PacRequestorEnforcement = 0 or 1).

New fields added:

UPN_DNS_INFO
PAC_REQUESTOR
PAC_ATTRIBUTE_INFO

Requires #368 to build without warnings.

Links:

cnotin commented 2 years ago

Interesting PR :) Looks like PAC_ATTRIBUTES_INFO is not declared though. Shouldn't it be created like in your other closed PR? https://github.com/gentilkiwi/mimikatz/pull/379/files#diff-ab813c3eae657d6a046ca00057a7a32bf229a161f9f957821468bc195c870f84R32-R40

JoeDibley commented 2 years ago

@cnotin Thanks for this. Looks like i lost the changes when making the merge more presentable. I have amended the commit to now include the changes in kull_m_rpc_ms-pac.h as looks like i just missed the file completely. This should now be ready to go

cnotin commented 2 years ago

It compiles and work fine now, even against PacRequestorEnforcement=2