Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
18 views3 pages

Message

The document displays the output of the Rubeus tool's 'klist' command, which lists Kerberos tickets for various users in a domain. It includes details such as usernames, domains, logon times, authentication packages, and ticket information for users like Steven.Sanchez and Administrator. The output also shows ticket flags and the validity periods for each ticket.

Uploaded by

lightradio
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
18 views3 pages

Message

The document displays the output of the Rubeus tool's 'klist' command, which lists Kerberos tickets for various users in a domain. It includes details such as usernames, domains, logon times, authentication packages, and ticket information for users like Steven.Sanchez and Administrator. The output also shows ticket flags and the validity periods for each ticket.

Uploaded by

lightradio
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 3

C:\Users\Steven.Sanchez\Documents>.\rubeus.

exe klist
.\rubeus.exe klist

______ _
(_____ \ | |
_____) )_ _| |__ _____ _ _ ___
| __ /| | | | _ \| ___ | | | |/___)
| | \ \| |_| | |_) ) ____| |_| |___ |
|_| |_|____/|____/|_____)____/(___/

v2.2.0

Action: List Kerberos Tickets (All Users)

[*] Current LUID : 0x3e7

UserName : Steven.Sanchez
Domain : core
LogonId : 0x4657a0
UserSID : S-1-5-21-1559563558-3652093953-1250159885-1113
AuthenticationPackage : NTLM
LogonType : Network
LogonTime : 5/5/2025 10:46:36 AM
LogonServer : COREDC
LogonServerDNSDomain : core.cyber.local
UserPrincipalName : [email protected]

[0] - 0x12 - aes256_cts_hmac_sha1


Start/End/MaxRenew: 5/5/2025 10:52:55 AM ; 5/5/2025 11:07:55 AM ; 5/11/2025
11:18:37 PM
Server Name : corewebtw$ @
Client Name : Steven.Sanchez @ core.cyber.local
Flags : name_canonicalize, ok_as_delegate, pre_authent,
renewable, forwardable (40a50000)

UserName : Administrator
Domain : core
LogonId : 0x2faed
UserSID : S-1-5-21-1559563558-3652093953-1250159885-500
AuthenticationPackage : Kerberos
LogonType : Interactive
LogonTime : 5/4/2025 11:18:51 PM
LogonServer : COREDC
LogonServerDNSDomain : CORE.CYBER.LOCAL
UserPrincipalName : [email protected]

[0] - 0x12 - aes256_cts_hmac_sha1


Start/End/MaxRenew: 5/5/2025 10:15:04 AM ; 5/5/2025 7:03:52 PM ; 5/11/2025
11:18:52 PM
Server Name : krbtgt/CORE.CYBER.LOCAL @ CORE.CYBER.LOCAL
Client Name : Administrator @ CORE.CYBER.LOCAL
Flags : name_canonicalize, pre_authent, renewable, forwarded,
forwardable (60a10000)

[1] - 0x12 - aes256_cts_hmac_sha1


Start/End/MaxRenew: 5/5/2025 10:15:04 AM ; 5/5/2025 7:03:52 PM ; 5/11/2025
11:18:52 PM
Server Name : cifs/coredc.core.cyber.local/core.cyber.local @
CORE.CYBER.LOCAL
Client Name : Administrator @ CORE.CYBER.LOCAL
Flags : name_canonicalize, ok_as_delegate, pre_authent,
renewable, forwardable (40a50000)

[2] - 0x12 - aes256_cts_hmac_sha1


Start/End/MaxRenew: 5/5/2025 10:14:58 AM ; 5/5/2025 7:03:52 PM ; 5/11/2025
11:18:52 PM
Server Name : LDAP/coredc.core.cyber.local/core.cyber.local @
CORE.CYBER.LOCAL
Client Name : Administrator @ CORE.CYBER.LOCAL
Flags : name_canonicalize, ok_as_delegate, pre_authent,
renewable, forwardable (40a50000)

UserName : COREWEBTW$
Domain : core
LogonId : 0x3e4
UserSID : S-1-5-20
AuthenticationPackage : Negotiate
LogonType : Service
LogonTime : 5/4/2025 11:18:35 PM
LogonServer :
LogonServerDNSDomain :
UserPrincipalName : [email protected]

[0] - 0x12 - aes256_cts_hmac_sha1


Start/End/MaxRenew: 5/5/2025 8:48:37 AM ; 5/5/2025 6:48:37 PM ; 5/11/2025
11:18:37 PM
Server Name : krbtgt/CORE.CYBER.LOCAL @ CORE.CYBER.LOCAL
Client Name : corewebtw$ @ CORE.CYBER.LOCAL
Flags : name_canonicalize, pre_authent, renewable, forwarded,
forwardable (60a10000)

[1] - 0x12 - aes256_cts_hmac_sha1


Start/End/MaxRenew: 5/5/2025 9:03:39 AM ; 5/5/2025 6:48:37 PM ; 5/11/2025
11:18:37 PM
Server Name : cifs/coredc.core.cyber.local @ CORE.CYBER.LOCAL
Client Name : corewebtw$ @ CORE.CYBER.LOCAL
Flags : name_canonicalize, ok_as_delegate, pre_authent,
renewable, forwardable (40a50000)

[2] - 0x12 - aes256_cts_hmac_sha1


Start/End/MaxRenew: 5/4/2025 11:18:37 PM ; 5/5/2025 9:18:37 AM ; 5/11/2025
11:18:37 PM
Server Name : GC/coredc.core.cyber.local/cyber.local @ CORE.CYBER.LOCAL
Client Name : corewebtw$ @ CORE.CYBER.LOCAL
Flags : name_canonicalize, ok_as_delegate, pre_authent,
renewable, forwardable (40a50000)

[3] - 0x12 - aes256_cts_hmac_sha1


Start/End/MaxRenew: 5/4/2025 11:18:37 PM ; 5/5/2025 9:18:37 AM ; 5/11/2025
11:18:37 PM
Server Name : ldap/coredc.core.cyber.local/core.cyber.local @
CORE.CYBER.LOCAL
Client Name : corewebtw$ @ CORE.CYBER.LOCAL
Flags : name_canonicalize, ok_as_delegate, pre_authent,
renewable, forwardable (40a50000)

UserName : COREWEBTW$
Domain : core
LogonId : 0x3e7
UserSID : S-1-5-18
AuthenticationPackage : Negotiate
LogonType : 0
LogonTime : 5/4/2025 11:18:35 PM
LogonServer :
LogonServerDNSDomain : core.cyber.local
UserPrincipalName : [email protected]

[0] - 0x12 - aes256_cts_hmac_sha1


Start/End/MaxRenew: 5/5/2025 10:57:18 AM ; 5/5/2025 7:03:52 PM ; 5/11/2025
11:18:52 PM
Server Name : krbtgt/CORE.CYBER.LOCAL @ CORE.CYBER.LOCAL
Client Name : Administrator @ CORE.CYBER.LOCAL
Flags : name_canonicalize, pre_authent, renewable, forwarded,
forwardable (60a10000)

[1] - 0x12 - aes256_cts_hmac_sha1


Start/End/MaxRenew: 5/5/2025 11:59:48 AM ; 5/5/2025 7:03:52 PM ; 5/11/2025
11:18:52 PM
Server Name : cifs/cymx.cyber.local @ CYBER.LOCAL
Client Name : Administrator @ CORE.CYBER.LOCAL
Flags : name_canonicalize, pre_authent, renewable, forwarded,
forwardable (60a10000)

You might also like