https://az0th.it/tags/rbcd/ Recent content in Rbcd on MrAzoth Hugo -- 0.154.5 en-us https://az0th.it/ad/kali/delegation-attacks/ Mon, 01 Jan 0001 00:00:00 +0000 https://az0th.it/ad/kali/delegation-attacks/ <h2 id="quick-reference">Quick Reference</h2> <table> <thead> <tr> <th>Attack</th> <th>Tool</th> <th>Required Privileges</th> </tr> </thead> <tbody> <tr> <td>Unconstrained Delegation Abuse</td> <td>impacket, Responder, coercion tools</td> <td>Compromise of delegated host</td> </tr> <tr> <td>Constrained Delegation (KCD)</td> <td>getST.py</td> <td>Control of account with KCD configured</td> </tr> <tr> <td>RBCD Setup + Abuse</td> <td>addcomputer.py, rbcd.py, getST.py</td> <td>GenericWrite or WriteDACL on target computer</td> </tr> <tr> <td>Shadow Credentials</td> <td>pywhisker.py, getnthash.py</td> <td>WriteProperty on msDS-KeyCredentialLink</td> </tr> <tr> <td>Coerce Authentication (PetitPotam)</td> <td>PetitPotam.py</td> <td>Valid domain credentials</td> </tr> <tr> <td>Coerce Authentication (PrinterBug)</td> <td>printerbug.py</td> <td>Valid domain credentials</td> </tr> </tbody> </table> <hr> <h2 id="delegation-overview">Delegation Overview</h2> <p>Kerberos delegation allows a service to impersonate users when accessing other services on their behalf. There are three types, each with different risk profiles and abuse paths.</p> https://az0th.it/ad/windows/delegation-attacks/ Mon, 01 Jan 0001 00:00:00 +0000 https://az0th.it/ad/windows/delegation-attacks/ Abusing Kerberos delegation (Unconstrained, Constrained, RBCD, Shadow Credentials) from a Windows foothold using Rubeus, PowerView, and PowerMad.