🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸ”§ NetExec Wiki / Find Misconfigured Delegation

πŸ†• Find Misconfigured Delegation

NetExec allows you to retrieve the list of all misconfigured delegations

nxc ldap <target> -u <username> -p '<password>' --find-delegation

# Example Output

SMB    <target>   445   WINTERFELL   [*] Windows 10 / Server 2019 Build 17763 x64 (name:WINTERFELL) (domain:<domain>) (signing:True) (SMBv1:False)
LDAP   <target>   389   WINTERFELL   [+] <domain>\<username>:<password> (Pwn3d!)
LDAP   <target>   389   WINTERFELL   AccountName  AccountType DelegationType                     DelegationRightsTo
LDAP   <target>   389   WINTERFELL   ------------ ----------- ---------------------------------- ----------------------------------------------------------------
LDAP   <target>   389   WINTERFELL   sansa.stark  Person      Unconstrained                      N/A
LDAP   <target>   389   WINTERFELL   jon.snow     Person      Constrained w/ Protocol Transition CIFS/winterfell, CIFS/winterfell.<domain>
LDAP   <target>   389   WINTERFELL   jon.snow     Person      Resource-Based Constrained         RBCD-COMPUTER$
LDAP   <target>   389   WINTERFELL   CASTELBLACK$ Computer    Constrained                        HTTP/winterfell, HTTP/winterfell.<domain>
LDAP   <target>   389   WINTERFELL   ΠΏΠΎΠ»ΡŒΠ·ΠΎΠ²Π°Ρ‚Π΅Π»ΡŒ Person      Resource-Based Constrained         WINTERFELL$