fortra / impacket

Impacket is a collection of Python classes for working with network protocols.
https://www.coresecurity.com

Add Computer Before Delegation #1690

Closed gjhami closed 5 months ago

gjhami commented 5 months ago

Reorder attack components so a computer account is created, if specified, before the escalation through resource-based constrained delegation attack is attempted.

This allows users to create a relay and specify both --add-computer and --delegate-access --escalate-user to create a computer account and delegate access to the account in a single relay. Currently, if this is attempted, the delegation attack is performed first and it results in an error that the computer to delegate to does not exist.

What I'd like to be able to do is add a computer, escalate access, and set up a DNS record all in a single relay. For example:

impacket-ntlmrelayx -t ldaps://<DC.DOMAIN.TLD> --add-computer '<COMPUTER NAME>$' '<PASSWORD>' --add-dns-record '<COMPUTER NAME>' '<COMPUTER IP>' --delegate-access --escalate-user '<COMPUTER NAME>$'

anadrianmanrique commented 4 months ago

Thanks for the PR. A bug was fixed in https://github.com/fortra/impacket/commit/337d50d04e191c2b323ccf4877500fc487126dd1 after merging these changes.