crash.software
Projects
Pull Requests
Issues
Builds
GOAD
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY GOAD Commits 15359e40
🤬

  • Add constrained delegation without protocol transition

  • Loading...
  • Mayfly277 committed 2 years ago
    15359e40
    1 parent 218cf9d5
  • ■ ■ ■ ■ ■
    ad/sevenkingdoms.local/scripts/constrained_delegation_kerb_only.ps1
    1 1  # https://www.thehacker.recipes/ad/movement/kerberos/delegations/constrained#without-protocol-transition
    2  -Set-ADUser -Identity "svc_file_kerb" -ServicePrincipalNames @{Add='CIFS/DB01.bs.corp'}
    3  -Set-ADUser -Identity "svc_file_kerb" -Add @{'msDS-AllowedToDelegateTo'=@('CIFS/DB01.bs.corp')}
     2 +Set-ADComputer -Identity "castelblack$" -ServicePrincipalNames @{Add='HTTP/winterfell.north.sevenkingdoms.local'}
     3 +Set-ADComputer -Identity "castelblack$" -Add @{'msDS-AllowedToDelegateTo'=@('HTTP/winterfell.north.sevenkingdoms.local','HTTP/winterfell')}
     4 +# Set-ADComputer -Identity "castelblack$" -Add @{'msDS-AllowedToDelegateTo'=@('CIFS/winterfell.north.sevenkingdoms.local','CIFS/winterfell')}
  • ■ ■ ■ ■ ■
    ansible/vulnerabilities.yml
    skipped 23 lines
    24 24   roles:
    25 25   - { role: 'ps', tags: 'asrep_roasting', ps_script: "{{script_path}}/asrep_roasting.ps1"}
    26 26   - { role: 'ps', tags: 'constrained_delegation', ps_script: "{{script_path}}/constrained_delegation_use_any.ps1"}
     27 + - { role: 'ps', tags: 'constrained_delegation_kerb', ps_script: "{{script_path}}/constrained_delegation_kerb_only.ps1"}
    27 28   - { role: 'ps', tags: 'ntlm_relay', ps_script: "{{script_path}}/ntlm_relay.ps1"}
    28 29   - { role: 'ps', tags: 'responder', ps_script: "{{script_path}}/responder.ps1"}
    29 30  # - { role: 'ps', tags: 'anonymous_ldap', ps_script: "{{script_path}}/anonymous_ldap.ps1"} # done with acl
    skipped 29 lines
Please wait...
Page is in error, reload to recover