Miscellaneous

Create a hidden program

Creates a hidden program (unless /show is passed) with random /netonly credentials, displaying the PID and LUID.

Rubeus.exe createnetonly /program:"C:\Windows\System32\cmd.exe" [/show] [/ticket:BASE64 | /ticket:FILE.KIRBI]

Reset a user's password from a supplied TGT - AoratoPw

Rubeus.exe changepw </ticket:BASE64 | /ticket:FILE.KIRBI> /new:PASSWORD [/dc:DOMAIN_CONTROLLER] [/targetuser:DOMAIN\USERNAME]

Calculate rc4_hmac, aes128_cts_hmac_sha1, aes256_cts_hmac_sha1, and des_cbc_md5 hashes

Rubeus.exe hash /password:X [/user:USER] [/domain:DOMAIN]

Substitute an sname or SPN into an existing service ticket

Rubeus.exe tgssub </ticket:BASE64 | /ticket:FILE.KIRBI> /altservice:ldap [/ptt] [/luid] [/nowrap]
Rubeus.exe tgssub </ticket:BASE64 | /ticket:FILE.KIRBI> /altservice:cifs/computer.domain.com [/ptt] [/luid] [/nowrap]

Display the current user's LUID

Rubeus.exe currentluid

Display information about the (current) or (target) logon session, default all readable

Rubeus.exe logonsession [/current] [/luid:X]

Redirect all console output to the file specified

The "/consoleoutfile:C:\FILE.txt" argument redirects all console output to the file specified.
The "/nowrap" flag prevents any base64 ticket blobs from being column wrapped for any function.
The "/debug" flag outputs ASN.1 debugging information.
