the-useless-one / pywerview

A (partial) Python rewriting of PowerSploit's PowerView
GNU General Public License v3.0
924 stars 114 forks source link

Enumerate the state of TGT delegation #56

Closed jsdhasfedssad closed 1 year ago

jsdhasfedssad commented 1 year ago

Hi,

Thank you for this tool!

When performing cross-forest (inter-realm) attacks one method to use is to abuse unconstrained delegation which DCs are configured with by default. However, this attack relies on TGT delegation beeing enabled in the direction of the target forest to the source/owned forest. The command get-netdomaintrust outputs most of the information required but not the state of TGT delegation.

Enumerating this using built-in tools on the primary DC in the target forest outputs the below. Would you be willing to implement support for this in pywerview? Thanks!

delegation

ThePirateWhoSmellsOfSunflowers commented 1 year ago

Hello!

I planned to rewrite how trusts are handled and displayed, I'm not satisfied with output of get-netdomaintrust. So thanks for your idea and keep an eye on the develop branch :wink:

:sunflower:

ThePirateWhoSmellsOfSunflowers commented 1 year ago

Hello, I've just pushed a better trust handling on the develop branch. Can you test it ? Thanks for the idea, closing now.

:sunflower:

jsdhasfedssad commented 1 year ago

It works. Very good. Thanks!