Skip to content
/ Wonka Public

Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but for security research and penetration testing! 🎫

License

GPL-3.0 license
161 stars 17 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Shac0x/Wonka

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

3 Commits
Wonka
Wonka
Β 
Β 
.gitignore
.gitignore
Β 
Β 
LICENSE
LICENSE
Β 
Β 
Logo.png
Logo.png
Β 
Β 
README.md
README.md
Β 
Β 
Wonka.sln
Wonka.sln
Β 
Β 

Repository files navigation

Wonka 🍫

Wonka Logo

"We are the music makers, and we are the dreamers of dreams." - Willy Wonka

Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but for security research and penetration testing! 🎫

✨ Features

  • πŸ” System Impersonation - Automatically becomes SYSTEM to access LSA
  • πŸ“‹ Session Discovery - Finds all active logon sessions
  • 🎟️ Ticket Extraction - Retrieves detailed Kerberos ticket information
  • πŸ“¦ Base64 Output - Ready-to-use ticket format

πŸš€ Quick Start

Requirements

  • Windows machine
  • Administrator privileges
  • .NET 7.0+ (for building)

Installation

Option 1: Build Single Executable (Recommended)

dotnet publish -c Release -r win-x64 --self-contained true /p:PublishSingleFile=true

Option 2: Simple Build

dotnet build --configuration Release

Usage

# Run as Administrator
.\Wonka.exe

πŸ“– Sample Output

[+] Starting Kerberos ticket extraction process...
[+] Successfully impersonated as SYSTEM
[+] Logon sessions found: 15

[+] User: charlie.bucket@CHOCOLATE.FACTORY
[+] Tickets found: 3

-----------------------------------------------------------------------
Username = charlie.bucket
DnsDomainName = chocolate.factory
StartTime ---> 10/21/2025 10:30:15 AM
EndTime ---> 10/21/2025 8:30:15 PM
Server Name ---> krbtgt/CHOCOLATE.FACTORY
Ticket b64 ---> YIIFgjCCBX6gAwIBBaEDAgEWooIEhjCCBIJhggR+MII...
-----------------------------------------------------------------------

πŸ—οΈ Project Structure

wonka/
β”œβ”€β”€ Program.cs      # Main ticket extraction logic
β”œβ”€β”€ winapi.cs       # Windows API definitions
β”œβ”€β”€ Config.cs       # Configuration and logging
└── wonka.csproj    # Project file

πŸ”§ Technical Details

Core APIs Used

  • OpenProcessToken - Process token access
  • LsaRegisterLogonProcess - LSA registration
  • LsaEnumerateLogonSessions - Session enumeration
  • LsaCallAuthenticationPackage - Kerberos communication

How It Works

  1. Impersonates SYSTEM via winlogon process token
  2. Registers with Local Security Authority
  3. Enumerates all logon sessions
  4. Extracts Kerberos tickets from each session
  5. Outputs tickets in Base64 format

πŸ› οΈ Troubleshooting

Issue Solution
"Could not impersonate as SYSTEM" Run as Administrator
"Could not initialize LSA" Check Windows compatibility
"No tickets found" Ensure Kerberos is in use (klist)

⚠️ Legal Notice

"A little nonsense now and then is relished by the wisest men."

This tool is for authorized security research and testing only. Like Wonka's factory, enter only with permission! 🏭

Use responsibly:

  • βœ… Security research and education
  • βœ… Authorized penetration testing
  • βœ… System administration
  • ❌ Unauthorized access to systems

🍫 About

Created for security professionals who need to extract Kerberos tickets as sweet as Wonka's chocolate. Remember: with great power comes great responsibility!

"So shines a good deed in a weary world." 🌟

About

Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but for security research and penetration testing! 🎫

Resources

Readme

License

GPL-3.0 license
Activity

Stars

161 stars

Watchers

0 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages