Description
Configuration
impacket version: v0.12.0
Python version: 3.12.9
Target OS: Kali Linux
Issue
I tried to implement the “delegation to krbtgt” attack (https://www.thehacker.recipes/ad/persistence/kerberos/delegation-to-krbtgt) using impacket-getST. However, after executing the command
impacket-getST -spn "KRBTGT" -impersonate "TargetedAccount" -dc-ip $dcIp 'DOMAIN'/'ControlledAccountWithSPN':'PasswordOfControlledAccountWithSPN'
I see in my ticket that the PAC Attributes Info Flags section contains the value PAC_WAS_GIVEN_IMPLICITLY. As a result, when I subsequently try to get a service ticket with
KRB5CCNAME='TargetedAccount@krbtgt_DOMAIN@DOMAIN.ccache' impacket-getST -spn 'cifs/target' -k -no-pass 'DOMAIN'/'TargetedAccount'
I get the error KDC_ERR_TGT_REVOKED. On the domain controller (Windows Server 2019), patch KB5008380 (5008602) is installed.
@ShutdownRepo, please advise whether you have tested this attack in an environment where the PAC validation patch is installed. I relied on your research after reviewing the report “AD DS Persistence - Burn it ...Burn it all”; however, with the patch installed it did not work.
Is it possible to make corrective changes to getST to get the valid PAC on the ticket?
PAC Problem
ST problem
