I am no expert; this answer is based on my current knowledge of these attacks from practice environments.
How is PtT (Pass the Ticket) possible? You can easily take someone's
ticket, but to use it you need to create an Authenticator, which means
you need to get one of the keys that the client possesses (it depends on
which step you are in) and even forge the IP address embedded in the
stolen ticket.
This type of attack can be performed when you gain the NTLM hash or the clear text password of a service account. You basically get a TGS from the Domain Controller, decrypt it using the service's NTLM hash (if you have the password, you hash it), modify the group you belong to (modify the PAC) included in that TGS so you gain more privileges, then re-encrypt the ticket and send it to the service. This ticket is also called a Silver ticket.
It does not sound reasonable to me that, given access to a client's
computer memory, you would extract only Kerberos tickets and no
session keys or clear text/hashed passwords.
Assuming you gained system privileges on that computer, you would want to get NTLM hashes or passwords to use in lateral movement to other accounts in the Active Directory environment you are attacking. I do not think you can do anything with tickets alone (but I am not sure on this one).
If you can't get hashes/passwords, then a possible thing to do is to get a TGS for a service (or for all the available services), save it to disk, then try to decrypt it to get the service's cleartext password from it (aka Kerberoasting).
If only Kerberos is used, where am I going to find any NTLM hash to
commit OPtH (Over-Pass the Hash)?
Whether Kerberos or NTLM authentication is used, when a user is currently logged into a machine in the Active Directory environment, you will find their NTLM hash cached on that machine.
The encryption of RC4_HMAC_MD4 is not used by default in today's
Windows operating systems, so how would I use an NTLM hash in OPtH? Is
downgrade the answer?
I am not sure where RC4_HMAC_MD4 is used (I think it is used for encryption, not authentication), but in overpass the hash you use the NTLM hash. If you are referring to the /rc4:<hash> option in mimikatz, then that takes the NTLM hash (I don't know why it is called rc4 though).
I read in some article that kerberoast's brute-force phase is done by
trying different NTLM hashes. It seemed weird, so I assumed that it is
done by trying clear text passwords which will be used to generate
NTLM hashes, which will be used in their turn as keys in order to try
to decrypt the ticket's encryption. But that's not supposed to be the
case; RC4_HMAC_MD4 is not used by default. AES is, and it has PBKDF2
as a hash algorithm (which is supposed to be BF resistant).
Yes, in Kerberoasting you first hash a candidate to NTLM and then attempt to decrypt the ticket using the hash.
You can attempt to downgrade to RC4 when requesting the ticket to be able to find the cleartext password faster, but with AES it only becomes slower to decrypt and hence to find the clear text password.
Good article
How is a Silver Ticket done when the victim server does check the PAC
against the DC?
From what I read here, it should still be possible to perform a silver ticket attack. Mainly it is because the PAC is not always checked against the DC.
There are ways to stop lateral movement using silver tickets; the one I know is to configure administrator and service accounts as "Sensitive and cannot be delegated".
Golden Ticket attack builds on the TGS to cooperate with any given
TGT? Which means that it will sign the PAC even if it's forged?
A Golden Ticket attack is forging a TGT. This is possible after obtaining the key used to encrypt TGTs, which is only known to the Key Distribution Centers (KDC) in the domain; the key is the password hash of a domain user account called krbtgt. To get this user's password hash, you need to compromise a domain controller.
So when you are able to obtain a Golden Ticket, you have basically compromised the whole AD domain.
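As an added detection example (not part of the original answer), the RC4 downgrade pattern discussed above can be spotted on the defender's side: the script below parses constructed Windows Security event 4769 records (service ticket requested) and flags any principal that requested RC4-HMAC (TicketEncryptionType 0x17) tickets for several user-account SPNs. The field names follow the 4769 schema; the log lines themselves are constructed, and the "several distinct services" threshold is an assumption, not a Microsoft rule.

```python
import re
from collections import defaultdict

# Constructed sample of Windows Security event 4769 records, flattened to
# key=value pairs. Not captured from a real domain.
SAMPLE_4769 = [
    "EventID=4769 TargetUserName=alice@CORP.LOCAL ServiceName=WS01$ TicketEncryptionType=0x12 IpAddress=10.0.0.5 Status=0x0",
    "EventID=4769 TargetUserName=bob@CORP.LOCAL ServiceName=svc_sql TicketEncryptionType=0x17 IpAddress=10.0.0.9 Status=0x0",
    "EventID=4769 TargetUserName=bob@CORP.LOCAL ServiceName=svc_web TicketEncryptionType=0x17 IpAddress=10.0.0.9 Status=0x0",
    "EventID=4769 TargetUserName=bob@CORP.LOCAL ServiceName=svc_backup TicketEncryptionType=0x17 IpAddress=10.0.0.9 Status=0x0",
    "EventID=4769 TargetUserName=carol@CORP.LOCAL ServiceName=krbtgt TicketEncryptionType=0x17 IpAddress=10.0.0.7 Status=0x0",
    "EventID=4769 TargetUserName=dave@CORP.LOCAL ServiceName=svc_sql TicketEncryptionType=0x12 IpAddress=10.0.0.11 Status=0x0",
]

RC4_ETYPES = {"0x17", "0x18"}   # rc4-hmac (23) and rc4-hmac-exp (24)
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_4769(line):
    """Return the record's fields as a dict, or None if it is not a 4769."""
    fields = dict(FIELD_RE.findall(line))
    return fields if fields.get("EventID") == "4769" else None

def is_rc4_user_spn(evt):
    """True for an RC4 ticket to a service run under a user account: the SPN
    is not a computer account (no trailing '$') and not krbtgt (a TGT)."""
    svc = evt.get("ServiceName", "")
    return (evt.get("TicketEncryptionType", "").lower() in RC4_ETYPES
            and not svc.endswith("$") and svc.lower() != "krbtgt")

def kerberoast_candidates(lines, min_services=2):
    """Group successful RC4 user-SPN requests by requesting principal and
    return those that asked for at least min_services distinct services,
    the bulk pattern of a roasting run (threshold is an assumption)."""
    by_user = defaultdict(set)
    for line in lines:
        evt = parse_4769(line)
        if evt and evt.get("Status") == "0x0" and is_rc4_user_spn(evt):
            by_user[evt["TargetUserName"]].add(evt["ServiceName"])
    return {u: sorted(s) for u, s in by_user.items() if len(s) >= min_services}

if __name__ == "__main__":
    for user, services in kerberoast_candidates(SAMPLE_4769).items():
        print(f"{user}: RC4 tickets for {len(services)} user-account SPNs {services}")
```

A single RC4 request to an AES-capable account is already worth a look; the grouping only ranks the noisiest principal first.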