AutoPtT is a standalone tool designed to automate Pass-the-Ticket (PtT) attacks, offering an alternative to established tools like Rubeus and Mimikatz. Implemented in C++ and Python, it provides a robust solution for red team operations and penetration testing within Active Directory environments.
Key features and use cases include:
- Automated PtT (
auto): Streamlines the entire PtT process, automatically dumping and importing Kerberos Ticket Granting Tickets (TGTs) into the current session. - Session Listing (
sessions): Enumerates active logon sessions on a system, similar toklist sessions. - Current Session Ticket Listing (
klist): Displays Kerberos tickets within the current user's session. - All Session Ticket Listing (
tickets): Dumps all Kerberos tickets across all logon sessions, providing functionality akin toRubeus.exe dump. - TGT Export (
export <LogonId>): Allows for the export of a specific TGT given its LogonId, facilitating offline analysis or transfer. - Ticket Import (
ptt <filename.kirbi>): Imports a Kerberos ticket from a specified file, enabling the use of previously acquired tickets for authentication.
AutoPtT is a valuable asset for security professionals conducting internal network assessments, focusing on credential theft and lateral movement techniques.
