timewrap: Faketime + NTP Helper for AD Lab Environments.

In Active Directory labs, we often need to manipulate system time to:

  • Replay or inspect expired certificates
  • Test Kerberos ticket lifetimes or replay attacks
  • Trigger specific behaviors based on time (e.g., scheduled tasks, cert validity, trial expirations)

Doing this manually by changing your system clock can be tedious or disruptive. Instead, we can use faketime to simulate a specific time per command, without touching the real system clock.

Here’s a simple shell helper called timewrap to streamline this:
  • Queries an NTP server for the current time
  • Parses the response
  • Runs any given command with faketime

The timewrap Function

Add this to your .zshrc, .bashrc, or .bash_profile:

timewrap() {
  if [ $# -lt 2 ]; then
    echo "Usage: timewrap IP_or_Domain command [args...]"
    return 1
  fi

  local ntp_host="$1"
  shift

  local ntp_first_line
  ntp_first_line=$(ntpdate -q "$ntp_host" 2>/dev/null | head -1)

  if [ -z "$ntp_first_line" ]; then
    echo "Failed to get time from $ntp_host"
    return 1
  fi

  local faketime_date faketime_time faketime_datetime
  faketime_date=$(echo "$ntp_first_line" | awk '{print $1}')
  faketime_time=$(echo "$ntp_first_line" | awk '{print $2}')

  if [[ -z "$faketime_date" || -z "$faketime_time" ]]; then
    echo "Failed to parse date/time from ntpdate output"
    return 1
  fi

  faketime_datetime="$faketime_date $faketime_time"

  echo "Running command with faketime set to: $faketime_datetime"

  faketime "$faketime_datetime" "$@"
}

Don’t forget to source after adding the custom function. Example: source ~/.zshrc

Usage Example

❯ timewrap dc.corp.red.local certipy req -u mark.dev -p 'Passw0rd!' -ca ca.corp.red.local\CorpCA -template User -target dc.corp.red.local

Running command with faketime set to: 2025-06-12 02:14:22
[*] Using domain: corp.red.local
[*] Requesting certificate via MS-WCCE
[*] Got certificate: mark.dev.pfx

You could use this with:

  • certutil, klist, kerbrute, or anything that depends on the system clock
  • Red team or exam boxes (e.g., machine.domain.local) that expect a certain time

Notes

Requires faketime and ntpdate

Install on Debian/Ubuntu:

sudo apt install faketime ntpdate