CVE-2021–36934
The derived hash is used for forgery such as PTH and bills. There is no detailed analysis here.
In addition, given that access rights to most system files can be obtained, there should be more than this one method of exploitation, including Microsoft officials, which have also characterized it as a privilege escalation vulnerability.
A simple script is used to export files from volume shadows, and only provides ideas. In view of the fact that there is no administrator authority, it is easier to write by yourself, and it is easier to avoid killing than mimikatz, and the effect should be better. Everyone has different opinions.
All versions after Windows 10 version 1809