There has been many publications out there explaining various ways to attack an unconstrained delegation. This research/post is to practically show how such misconfiguration can be exploited easily and effectively. To further understand this kind of attack, check out the resources at the bottom below.

Let’s get started:

To perform this kind of attack,

  1. Gain access to a domain controller (DCB) in ForestB.
  2. Monitor for logon event through LSA API with Rubeus.exe: Rubeus.exe.
  3. Use a MS-RPRN.exe to trigger the “printer bug” against DCA.
  4. Trigger the MS-RPRN “printer bug” against a domain controller (e.g. DCA) in ForestA.
  5. Harvest a Ticket Granting…

Inveteck Global

Ghana’s #1 practical cyber security company

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store