BadSuccessor: dMSA abuse to Escalate Privileges in Windows Active Directory
| Disclosed |
|---|
| May 21, 2025 |
Description
This module exploits BadSuccessor, which allows operators to elevate privileges on domain controllers
running at the Windows 2025 forest functional level. Microsoft decided to introduce Delegated Managed Service
Accounts (dMSAs) at this forest level, and they came ripe for exploitation.
Normal users can't create dMSA accounts where dMSA accounts are supposed to be created, the Managed Service
Accounts OU, but a normal user who has write access to any other OU can create a dMSA account in that OU.
After creating the account, the user can edit LDAP attributes of the account to indicate that it should
inherit privileges from the Administrator user. Once this is complete, we can request Kerberos tickets on
behalf of the dMSA account and, voila, you're admin.
The module has two actions: one creates the dMSA account and sets it up to impersonate a high-privilege
user, and the other requests the Kerberos tickets needed to use the dMSA account for privilege escalation.
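A defender-side check for the staging the description above explains, added here as an example and not part of the module or of this page: it walks a constructed LDAP export and flags dMSA objects that sit outside the Managed Service Accounts container or that carry a predecessor link to a privileged account. The domain, DNs and sample objects are constructed; the object class and attribute names are assumed from public dMSA documentation rather than taken from this page.

```python
from typing import Dict, List, Tuple
DOMAIN_DN = "DC=corp,DC=example"  # constructed lab domain
MSA_CONTAINER = f"CN=Managed Service Accounts,{DOMAIN_DN}"
# Principals a dMSA must never "succeed". Placeholder: extend with your Tier-0 accounts and groups.
PRIVILEGED_DNS = {f"CN=Administrator,CN=Users,{DOMAIN_DN}"}
# These schema names are not on the module page; they are the dMSA attributes from the published
# BadSuccessor research. Check them against your forest's schema before relying on this scan.
DMSA_CLASS = "msDS-DelegatedManagedServiceAccount"
PRECEDED_BY = "msDS-ManagedAccountPrecededByLink"
MSA_STATE = "msDS-DelegatedMSAState"
Finding = Tuple[str, str]  # (severity, explanation)

def parent_dn(dn: str) -> str:
    """Container part of a DN: everything after the first RDN."""
    return dn.split(",", 1)[1] if "," in dn else ""

def classify(entry: Dict[str, object], privileged=PRIVILEGED_DNS) -> List[Finding]:
    """Reasons a dMSA object matches the staging the description above explains; [] if none."""
    if DMSA_CLASS not in entry.get("objectClass", []):
        return []  # not a dMSA, nothing to judge
    findings: List[Finding] = []
    # A dMSA belongs under the Managed Service Accounts container. One in an ordinary OU was
    # created by someone with write access to that OU, which is exactly the scenario described.
    if parent_dn(entry["dn"]).lower() != MSA_CONTAINER.lower():
        findings.append(("high", "dMSA created outside the Managed Service Accounts container"))
    # The "preceded by" link is the attribute that tells the KDC whose privileges the dMSA
    # inherits. Any value is worth a look; a Tier-0 target is an incident.
    predecessor = entry.get(PRECEDED_BY)
    if predecessor:
        severity = "high" if predecessor in privileged else "info"
        findings.append((severity, f"succeeds {predecessor} ({MSA_STATE}={entry.get(MSA_STATE)})"))
    return findings

def scan(entries: List[Dict[str, object]], privileged=PRIVILEGED_DNS) -> Dict[str, List[Finding]]:
    """Map each flagged DN to its findings; clean objects are left out."""
    return {e["dn"]: f for e in entries if (f := classify(e, privileged))}

# Constructed sample export: a plain dMSA, a legitimate migration, a BadSuccessor staging, a user.
SAMPLE_EXPORT = [
    {"dn": f"CN=svc-sql,{MSA_CONTAINER}", "objectClass": ["top", DMSA_CLASS]},
    {"dn": f"CN=svc-web,{MSA_CONTAINER}", "objectClass": ["top", DMSA_CLASS],
     PRECEDED_BY: f"CN=svc-web-old,OU=Service Accounts,{DOMAIN_DN}", MSA_STATE: 2},
    {"dn": f"CN=patchsvc,OU=Workstations,{DOMAIN_DN}", "objectClass": ["top", DMSA_CLASS],
     PRECEDED_BY: f"CN=Administrator,CN=Users,{DOMAIN_DN}", MSA_STATE: 2},
    {"dn": f"CN=jdoe,CN=Users,{DOMAIN_DN}", "objectClass": ["top", "user"]},
]

if __name__ == "__main__":
    for dn, findings in scan(SAMPLE_EXPORT).items():
        print(dn, findings)
```

Against a real directory, feed `scan` the objects returned by an LDAP search for the dMSA object class instead of `SAMPLE_EXPORT`.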