GIUDA

GET a TGS on behalf of another user without password

Scenario: you are Local Administrator and there is a logged User you want to Impersonate! Goal: From Local Admin to Domain Admin with Kerberos TGS Required: Local Administrator and a Domain Admin Logged (or Disconnected). In this guide the Domain Admin User is CALIPENDULA\fagiolo

ask to GIUDA for a shell as SYSTEM
GIUDA -runaslsass or
GIUDA -runaspid:PID (a NT AUTHORITY\SYSTEM's PID, enumerate by yourself)
ask to GIUDA to show ALL Logged User's LUID
GIUDA -askluids

take the LUID that you want to impersonate and ask GIUDA to get the msdsspn that you want
use PSSession to log on the Domain Controller

Thanks

Thank you to ewan22, he does a very powerful set of Pascal Units for AD

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
README.md		README.md
giuda.exe		giuda.exe
giuda.lpi		giuda.lpi
giuda.lpr		giuda.lpr
kerberos.pas		kerberos.pas
uadvapi32.pas		uadvapi32.pas
ucryptoapi.pas		ucryptoapi.pas
udebug.pas		udebug.pas
uhandles.pas		uhandles.pas
uimagehlp.pas		uimagehlp.pas
ulsa.pas		ulsa.pas
umemory.pas		umemory.pas
upsapi.pas		upsapi.pas
usecur32.pas		usecur32.pas

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

GIUDA

Thanks

About

Releases

Packages

Languages

ADDomain/GIUDA

Folders and files

Latest commit

History

Repository files navigation

GIUDA

Thanks

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages