aryma/Ares-mythic
1
0
Fork 0
mirror of https://github.com/Aryma-f4/Ares-mythic.git synced 2026-06-12 21:44:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
14397b72f4de95bff49f393741e1c917f0fc170e
Ares-mythic/documentation-payload/apollo/commands/ticket_cache_purge.md
Aryma 2f05f67733 first commit
2026-04-14 12:17:24 +07:00

1.1 KiB
Raw Blame History

+++ title = "ticket_cache_purge" chapter = false weight = 103 hidden = false +++

{{% notice info %}} Artifacts Generated: WindowsAPIInvoke {{% /notice %}}

Summary

Remove the specified ticket(s) from the current logon session, this uses LSA APIs to delete tickets from the active logon session on the host.

Arguments

serviceName

the name of the service to remove, needs to include the domain name, not required if -all flag is present

All (Optional)

Argument flag to remove all tickets from the current logon session

luid (Optional)

Optional argument to remove a ticket from the cache of a different logon session, must be elevated.

Usage

ticket_cache_purge -luid [luidValue] -serviceName  [serviceName] -All

Example

ticket_cache_purge -serviceName  ldap/machineName.DomainName.local/domainName.local@DomainName.local
ticket_cache_purge -serviceName  cifs/machineName@DomainName.local
ticket_cache_purge -all
ticket_cache_purge -luid 0xabcd123 -serviceName  cifs/machineName@DomainName.local
ticket_cache_purge -luid 0xabcd123  -All

MITRE ATT&CK Mapping

  • T1550
Reference in New Issue View Git Blame Copy Permalink