aryma/Ares-mythic
1
0
Fork 0
mirror of https://github.com/Aryma-f4/Ares-mythic.git synced 2026-06-12 13:14:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
224a0013d7a08af66f165aaf05d073b2263dccb3
Ares-mythic/documentation-payload/apollo/commands/ticket_cache_purge.md
Aryma 2f05f67733 first commit
2026-04-14 12:17:24 +07:00

44 lines
1.1 KiB
Markdown
Raw Blame History

+++
title = "ticket_cache_purge"
chapter = false
weight = 103
hidden = false
+++
{{% notice info %}}
Artifacts Generated: WindowsAPIInvoke
{{% /notice %}}
## Summary
Remove the specified ticket(s) from the current logon session, this uses LSA APIs to delete tickets from the active logon session on the host.
### Arguments
#### serviceName
the name of the service to remove, needs to include the domain name, not required if -all flag is present
#### All (Optional)
Argument flag to remove all tickets from the current logon session
#### luid (Optional)
Optional argument to remove a ticket from the cache of a different logon session, must be elevated.
## Usage
```
ticket_cache_purge -luid [luidValue] -serviceName [serviceName] -All
```
Example
```
ticket_cache_purge -serviceName ldap/machineName.DomainName.local/domainName.local@DomainName.local
ticket_cache_purge -serviceName cifs/machineName@DomainName.local
ticket_cache_purge -all
ticket_cache_purge -luid 0xabcd123 -serviceName cifs/machineName@DomainName.local
ticket_cache_purge -luid 0xabcd123 -All
```
## MITRE ATT&CK Mapping
- T1550
Reference in New Issue View Git Blame Copy Permalink