Automating the Pass-The-Ticket attack

AutoPtT enumerates Kerberos tickets and performs Pass-the-Ticket (PtT) attacks interactively or step by step. It is a standalone alternative to Rubeus or Mimikatz for this attack, implemented in C++ and Python.

Repository: https://github.com/ricardojoserf/AutoPtT

You can use the following options:

  • auto - Automated Pass-the-Ticket attack

  • sessions - List logon sessions. Similar to running klist sessions

  • klist - List tickets in the current session. Similar to running klist

  • tickets - List tickets in all sessions (not only TGTs). Similar to running Rubeus.exe dump

  • export - Export a TGT given the LogonId. Similar to running Rubeus.exe dump

  • ptt - Import a ticket file given the file name. Similar to running Rubeus.exe ptt


Examples

Automated Pass-the-Ticket

Choose the index for one of the available TGTs, it gets dumped and imported into your session:

autoptt.exe auto

img6


List logon sessions

autoptt.exe sessions

img1


List tickets in the current session

autoptt.exe klist

img2


List tickets in all sessions

autoptt.exe tickets

img3


Export TGT given the LogonId (in this case, 0x5f7d0)

autoptt.exe export 0x5f7d0

img4


Import ticket file given the file name

autoptt.exe ptt 0x5f7d0_Administrator.kirbi

img5


Written on February 10, 2026