DOT-Files/Gentoo/gentooamd/home/user/.tldrc/tldr/pages/common/getst.py.md

# getST.py

> Request a Kerberos Service Ticket (TGS).
> Part of the Impacket suite.
> More information: <https://github.com/fortra/impacket>.

- Request a service ticket for a specific SPN:

`getST.py {{domain}}/{{username}}:{{password}} -spn {{service}}/{{target}}`

- Request a ticket using NTLM hashes (pass-the-hash):

`getST.py -hashes {{LM_Hash}}:{{NT_Hash}} {{domain}}/{{username}} -spn {{service}}/{{target}}`

- Request a ticket using existing Kerberos ccache file:

`getST.py -no-pass -k {{domain}}/{{username}} -spn {{service}}/{{target}}`

- Impersonate another user via S4U2Self (requires delegation rights):

`getST.py -k -impersonate {{target_user}} {{domain}}/{{username}} -spn {{service}}/{{target}}`

- Force the ticket to be forwardable (Bronze Bit):

`getST.py -force-forwardable -k {{domain}}/{{username}} -spn {{service}}/{{target}}`
Automated updated process of shell scripts and DOT Files (gentooamd) 2026-06-12 17:51:25 -06:00			`# getST.py`

			`> Request a Kerberos Service Ticket (TGS).`
			`> Part of the Impacket suite.`
			`> More information: <https://github.com/fortra/impacket>.`

			`- Request a service ticket for a specific SPN:`

			`getST.py {{domain}}/{{username}}:{{password}} -spn {{service}}/{{target}}`

			`- Request a ticket using NTLM hashes (pass-the-hash):`

			`getST.py -hashes {{LM_Hash}}:{{NT_Hash}} {{domain}}/{{username}} -spn {{service}}/{{target}}`

			`- Request a ticket using existing Kerberos ccache file:`

			`getST.py -no-pass -k {{domain}}/{{username}} -spn {{service}}/{{target}}`

			`- Impersonate another user via S4U2Self (requires delegation rights):`

			`getST.py -k -impersonate {{target_user}} {{domain}}/{{username}} -spn {{service}}/{{target}}`

			`- Force the ticket to be forwardable (Bronze Bit):`

			`getST.py -force-forwardable -k {{domain}}/{{username}} -spn {{service}}/{{target}}`