Added ConstrainedDelegation-Backdoor #65
Conversation
|
Thanks! Let me test that! |
|
Testing in progress - Needs AD Module |
|
Need me to fix this bug and submit a new Pull Request ? |
|
That would be great! |
|
Do you think it is a good idea to solve this problem with https://github.com/samratashok/ADModule when Get-Module ActiveDirectory failed ? |
|
I think it would be better to use System.DirectoryServices and other .Net classes so as to reduce the dependency. If that cannot be done, than use #require and the script can still be merged. |
|
I meant #require check for ActiveDirectory module. |
|
I tried to write code using System.DirectoryServices, but I didn't succeed because I didn't find out how to manipulate the service account and unrestricted delegation through System.DirectoryServices. In addition, the #require check for the AD module has been added. |
|
I am getting an error 'The Server is unwilling to process the request' on line 104 (New-ADUser). Trying to check the reason. Also, Is that $SPN supposed to be $ServicePrincipalName. I really like the idea of the backdoor. |
|
Oh sorry, it is my mistake. $SPN should indeed be $ServicePrincipalName. |
|
Under what circumstances will cause 'The Server is unwilling to process the request' error? I did not get this error when testing on win7 win10 win2008R2 win2012R2. |
|
Any progress? |
|
Merged! Will rename this and do some changes. Thanks for the contribution :) |
This is a way to leave a backdoor through the constrained delegation in the AD environment.
reference:
https://labs.mwrinfosecurity.com/blog/trust-years-to-earn-seconds-to-break/