CtrlK

Unconstrained Delegation

NetExec allows you to retrieve the list of all computers and users with the flag TRUSTED_FOR_DELEGATION

nxc ldap 192.168.0.104 -u harry -p pass --trusted-for-delegation

Alternatives Tools

GitHub - ropnop/windapsearch: Python script to enumerate users, groups and computers from a Windows domain through LDAP queriesGitHub

PowerSploit/PowerView.ps1 at dev · PowerShellMafia/PowerSploitGitHub

Resources:

https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdftroopers.de

Unconstrained Delegation - Risqueshackndo

“Relaying” Kerberos - Having fun with unconstrained delegationdirkjanm.io

https://posts.specterops.io/hunting-in-active-directory-unconstrained-delegation-forests-trusts-71f2b33688e1posts.specterops.io

PreviousFind Misconfigured Delegation NextAdmin Count

Last updated 4 months ago

Was this helpful?