Reorder attack components so a computer account is created, if specified, before the escalation through resource-based constrained delegation attack is attempted.
This allows users to create a relay and specify both --add-computer and --delegate-access --escalate-user to create a computer account and delegate access to the account in a single relay. Currently, if this is attempted, the delegation attack is performed first and it results in an error that the computer to delegate to does not exist.
What I'd like to be able to do is add a computer, escalate access, and setup a DNS record all in a single relay. For example
Reorder attack components so a computer account is created, if specified, before the escalation through resource-based constrained delegation attack is attempted.
This allows users to create a relay and specify both
--add-computer
and--delegate-access --escalate-user
to create a computer account and delegate access to the account in a single relay. Currently, if this is attempted, the delegation attack is performed first and it results in an error that the computer to delegate to does not exist.What I'd like to be able to do is add a computer, escalate access, and setup a DNS record all in a single relay. For example