Unconstrained Delegation

NetExec allows you to retrieve the list of all computers and users with the flag TRUSTED_FOR_DELEGATION

nxc ldap 192.168.0.104 -u harry -p pass --trusted-for-delegation

Alternatives Tools

GitHub - ropnop/windapsearch: Python script to enumerate users, groups and computers from a Windows domain through LDAP queriesGitHub

PowerSploit/Recon/PowerView.ps1 at dev · PowerShellMafia/PowerSploitGitHub

Resources:

https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdftroopers.de

Unconstrained Delegation - Risqueshackndo

“Relaying” Kerberos - Having fun with unconstrained delegationdirkjanm.io

Hunting in Active Directory: Unconstrained Delegation & Forests Trusts - SpecterOpsSpecterOps

PreviousFind Misconfigured Delegation NextAdmin Count

Last updated 10 months ago

Was this helpful?