Kerberos

Synchronize Time

Using ntpdate:
$ sudo apt install ntpdate -y
$ sudo ntpdate <DC_IP>
Using faketime:
$ sudo apt install faketime -y
$ faketime '1970-01-01 00:00:00' /bin/date

Kerberos on Linux

Check KRB5CCNAME environment variable contents:
$ env | grep KRB5
Request TGT supplying password:
$ kinit
$ klist
List available SPNs:
$ ldapsearch -Y GSSAPI -H ldap://dc1.megacorp.local -D "[email protected]" -W -b "dc=megacorp,dc=local" "servicePrincipalName=*" servicePrincipalName
Request TGS for MSSQL service:
$ kvno MSSQLSvc/SRV01.megacorp.local:1433
$ klist
Re-using keytab files to load and renew a TGT:
$ kinit [email protected] -k -t /tmp/administrator.keytab
$ klist
$ kinit -R
Re-using ccache files:
$ sudo chown snovvcrash:snovvcrash /tmp/krb5cc_31337
$ kdestroy
$ export KRB5CCACHE=/tmp/krb5cc_31337
$ klist

FreeIPA

A blog series by @n0pe_sled on attacking FreeIPA: