GitHub: Sylpbqraz/SharpAllowedToAct-Modify
Active Directory Kerberos delegation privilege escalation tool
Stars: 0 | Forks: 0
Topics: rbcd-modification-logic, ad-permission-manipulator, allowedtoact-bypass-mechanics, identity-delegation-refinery, red-team-credential-pivot, active-directory-access-engine, resource-based-delegation-pro, kerberos-authorization-logic, privilege-escalation-orchestrator, security-descriptor-auditor, delegation, kerberos, ad-security, active-directory, rbcd
# Introduction
This project is a fork of [SharpAllowedToAct]. Sometimes an attacker obtains credentials for a privileged user but has no access to that user's machine. The original `SharpAllowedToAct` performs the resource-based constrained delegation (RBCD) attack using only the current user's privileges, so it cannot use a separately acquired privileged account (e.g., a domain-joined account) in this scenario. Therefore, I made the following modifications:
1. The operation for adding machine accounts has been removed. You can use the original `SharpAllowedToAct` to add accounts, or use `addcomputer.py` to add machine accounts.
2. Added custom LDAP account and password parameters.
3. Added a parameter for specifying the machine account.
# Instructions for Use
By default, the `msds-allowedtoactonbehalfofotheridentity` attribute is not set, so the ticket request fails:
Use the tools provided by this project to modify the victim's `msds-allowedtoactonbehalfofotheridentity` attribute:
The -m parameter specifies the machine account you added, -u is the LDAP username, -p is the LDAP password, -t is the target machine name, -a is the domain controller address, and -d is the domain name. For example:
```
SharpAllowedToAct.exe -m machine -u ldapuser -p ldappass -t victim -a dcserver.domain.com -d domain.com
```
The ticket request now succeeds:
The connection to the victim machine through RBCD succeeds:
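On the defensive side, the attribute write described above is recorded on domain controllers as Security event 5136 when directory service change auditing and a matching SACL are in place. The following is an added example, not part of this project: it filters event XML for values added to `msds-allowedtoactonbehalfofotheridentity`. The sample events, the `svc-deleg` and `helpdesk` accounts, and the allow-list parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
RBCD_ATTR = "msds-allowedtoactonbehalfofotheridentity"
VALUE_ADDED = "%%14674"    # OperationType of event 5136 for "Value Added"
VALUE_DELETED = "%%14675"  # OperationType of event 5136 for "Value Deleted"

def _event(event_id, **data):
    """Build one constructed Security-log event as XML (sample input only)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample events; account names and DNs are placeholders.
VICTIM_DN = "CN=VICTIM,CN=Computers,DC=domain,DC=com"
FILESRV_DN = "CN=FILESRV,CN=Computers,DC=domain,DC=com"
SAMPLE_EVENTS = [
    _event(5136, SubjectUserName="ldapuser", ObjectDN=VICTIM_DN, ObjectClass="computer",
           AttributeLDAPDisplayName="msDS-AllowedToActOnBehalfOfOtherIdentity",
           OperationType=VALUE_ADDED),
    _event(5136, SubjectUserName="helpdesk", ObjectDN=VICTIM_DN, ObjectClass="computer",
           AttributeLDAPDisplayName="description", OperationType=VALUE_ADDED),
    _event(5136, SubjectUserName="ldapuser", ObjectDN=VICTIM_DN, ObjectClass="computer",
           AttributeLDAPDisplayName="msDS-AllowedToActOnBehalfOfOtherIdentity",
           OperationType=VALUE_DELETED),
    _event(5136, SubjectUserName="svc-deleg", ObjectDN=FILESRV_DN, ObjectClass="computer",
           AttributeLDAPDisplayName="msDS-AllowedToActOnBehalfOfOtherIdentity",
           OperationType=VALUE_ADDED),
    _event(4624, TargetUserName="ldapuser"),
]

def find_rbcd_writes(xml_events, allowed_writers=frozenset()):
    """Return (writer, object DN) for each value added to the RBCD attribute.

    allowed_writers holds lowercase account names expected to manage delegation.
    """
    hits = []
    for raw in xml_events:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "5136":
            continue  # only directory object modification events
        data = {d.get("Name"): (d.text or "")
                for d in root.iterfind("e:EventData/e:Data", NS)}
        if data.get("AttributeLDAPDisplayName", "").lower() != RBCD_ATTR:
            continue
        if data.get("OperationType") != VALUE_ADDED:
            continue
        writer = data.get("SubjectUserName", "")
        if writer.lower() not in allowed_writers:
            hits.append((writer, data.get("ObjectDN", "")))
    return hits
```
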
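Tags: Active Directory, ATT&CK framework, Kerberos delegation, Plaso, T1059, protocol analysis, post-exploitation tools, domain penetration, object takeover, privilege escalation, digital forensics, resource-based constrained delegation, authentication attacks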