![]() ![]() Successful injection at process 25794 of velociraptor,look for tickets in /tmp/_krb_ache ![]() ![]() Trying to inject in velociraptor session… Successful injection at process 25723 of tarlogic,look for tickets in /tmp/_krb_ache root detected, so… DUMP ALL THE TICKETS!! krb5 ccache_name = KEYRING:session:sess_% Therefore, to perform a successful injection, the binary must be in a folder which all users have access, like /tmp. Important: when injects in another process, tickey performs an execve syscall which invocates its own binary from the context of another user. ![]() -s => To not print in output (for injection).-i => To perform process injection if it is needed.InstallĪfter that, binary should be in dist/Release/GNU-Linux/. A tool to extract Kerberos tickets from Linux kernel keys.īased on the paper Kerberos Credential Thievery (GNU/Linux). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |