TheManticoreProject/Delegations

GitHub: TheManticoreProject/Delegations

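A full-featured Active Directory Kerberos delegation management tool that supports auditing, configuring, and real-time monitoring of unconstrained, constrained, and resource-based constrained delegations.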

Stars: 214 | Forks: 18


Delegations is a tool that allows you to work with all types of Kerberos delegations (unconstrained, constrained, and resource-based constrained delegations) in Active Directory.

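## Features

- [x] Audit mode:
  - [x] Audit existing unconstrained delegations
  - [x] Audit existing constrained delegations, with or without protocol transition
  - [x] Audit existing resource-based constrained delegations
- [x] Add mode:
  - [x] Add new unconstrained delegations
  - [x] Add new constrained delegations, with or without protocol transition
  - [x] Add new resource-based constrained delegations
- [x] Find mode:
  - [x] Find unconstrained delegations
  - [x] Find constrained delegations, with or without protocol transition
  - [x] Find resource-based constrained delegations
- [x] Clear mode:
  - [x] Clear existing unconstrained delegations
  - [x] Clear existing constrained delegations, with or without protocol transition
  - [x] Clear existing resource-based constrained delegations
- [x] Remove mode:
  - [x] Remove existing unconstrained delegations
  - [x] Remove existing constrained delegations, with or without protocol transition
  - [x] Remove existing resource-based constrained delegations
- [x] Monitor mode:
  - [x] Monitor modifications of all delegation types in real time
- [x] Protocol transition mode:
  - [x] Add protocol transition on a constrained delegation
  - [x] Remove protocol transition from a constrained delegation

## Installation

To get this tool, you can download the latest release from the [GitHub releases page](https://github.com/TheManticoreProject/Delegations/releases), or install it with the following `go` command:

```
go install github.com/TheManticoreProject/Delegations@latest
```

## Demonstration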

### Audit mode

Audit mode scans the Active Directory environment for all types of delegations:

```
./Delegations audit --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p "Admin123!"
```
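
In Active Directory, unconstrained delegation is the `TRUSTED_FOR_DELEGATION` bit of `userAccountControl`, constrained delegation is the `msDS-AllowedToDelegateTo` attribute (with the `TRUSTED_TO_AUTH_FOR_DELEGATION` bit for protocol transition), and RBCD is the `msDS-AllowedToActOnBehalfOfOtherIdentity` attribute. The following is an added example, not code from the Delegations project, that classifies an already-fetched directory entry along those lines; the `Entry` type, the `Classify` function and the sample entry are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const ( // userAccountControl bits, as documented by Microsoft
	uacServerTrustAccount    = 0x2000    // domain controller computer account
	uacTrustedForDelegation  = 0x80000   // unconstrained delegation
	uacTrustedToAuthForDeleg = 0x1000000 // protocol transition (S4U2Self)
)

// Entry is a hypothetical, already-fetched view of one LDAP object.
type Entry struct {
	DN                string
	UAC               uint32
	AllowedToDelegate []string // values of msDS-AllowedToDelegateTo
	HasRBCDDescriptor bool     // msDS-AllowedToActOnBehalfOfOtherIdentity is set
}

// Classify returns one finding per delegation type configured on the entry.
func Classify(e Entry) []string {
	var out []string
	if e.UAC&uacTrustedForDelegation != 0 {
		f := "unconstrained"
		if e.UAC&uacServerTrustAccount != 0 {
			f += " (domain controller, expected)" // DCs carry this bit by default
		}
		out = append(out, f)
	}
	if len(e.AllowedToDelegate) > 0 {
		f := "constrained"
		if e.UAC&uacTrustedToAuthForDeleg != 0 {
			f += " with protocol transition"
		}
		out = append(out, f+" -> "+strings.Join(e.AllowedToDelegate, ", "))
	}
	if e.HasRBCDDescriptor {
		out = append(out, "rbcd")
	}
	return out
}

func main() {
	// Constructed sample: workstation account (0x1000) with protocol transition enabled.
	pc01 := Entry{DN: "CN=PC01,CN=Computers,DC=MANTICORE,DC=local", UAC: 0x1001000, AllowedToDelegate: []string{"HOST/PC02.MANTICORE.local"}}
	fmt.Println(pc01.DN, Classify(pc01))
}
```

Separating domain controllers from other accounts matters when reviewing results, because every DC has unconstrained delegation by default and would otherwise bury the accounts that deserve attention.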

### Add mode

Add mode adds a constrained, unconstrained, or resource-based constrained delegation to an object:

```
./Delegations add constrained --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!' --allowed-to-delegate-to "HOST/PC02.MANTICORE.local"
```

```
./Delegations add constrained --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!' --allowed-to-delegate-to "HOST/PC02.MANTICORE.local" --with-protocol-transition
```

```
./Delegations add unconstrained --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!'
```

```
./Delegations add rbcd --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!'
```

### Clear mode

Clear mode clears a constrained, unconstrained, or resource-based constrained delegation on an object:

```
./Delegations clear constrained --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!'
```

```
./Delegations clear constrained --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!' --with-protocol-transition
```

```
./Delegations clear unconstrained --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!'
```

```
./Delegations clear rbcd --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!'
```

### Find mode

Find mode finds a constrained, unconstrained, or resource-based constrained delegation on an object:

```
./Delegations find constrained --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!'
```

```
./Delegations find constrained --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!' --with-protocol-transition
```

```
./Delegations find unconstrained --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!'
```

```
./Delegations find rbcd --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!'
```

### Remove mode

Remove mode removes a constrained, unconstrained, or resource-based constrained delegation from an object:

```
./Delegations remove constrained --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!' --allowed-to-delegate-to "HOST/PC02.MANTICORE.local"
```

```
./Delegations remove constrained --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!' --allowed-to-delegate-to "HOST/PC02.MANTICORE.local" --with-protocol-transition
```

```
./Delegations remove unconstrained --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!'
```

```
./Delegations remove rbcd --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!'
```

### Protocol transition mode

Protocol transition mode adds or removes protocol transition on an object's constrained delegation:

```
./Delegations add protocoltransition --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!'
```

```
./Delegations remove protocoltransition --distinguished-name "CN=PC01,CN=Computers,DC=MANTICORE,DC=local" --dc-ip "192.168.56.101" -d "MANTICORE.local" -u "Administrator" -p 'Admin123!'
```

## Usage

The first positional argument of the program is the mode:

```
./Delegations
Delegations - by Remi GASCOU (Podalirius) @ TheManticoreProject - v1.0.0

Usage: Delegations

   add      Add a constrained, unconstrained, or resource-based constrained delegation to a user or group.
   audit    Audit constrained, unconstrained, and resource-based constrained delegations in Active Directory.
   clear    Clear a constrained, unconstrained, or resource-based constrained delegation from a user or group.
   find     Find a constrained, unconstrained, or resource-based constrained delegation from a user or group.
   monitor  Monitor constrained, unconstrained, and resource-based constrained delegations in Active Directory.
   remove   Remove a constrained, unconstrained, or resource-based constrained delegation from a user or group.
```

Then, for the `add`, `remove`, and `find` modes, the second positional argument is the delegation type:

```
./Delegations add
Delegations - by Remi GASCOU (Podalirius) @ TheManticoreProject - v1.0.0

Usage: Delegations add

   constrained    Add a constrained delegation to a user or group.
   unconstrained  Add a unconstrained delegation to a user or group.
   rbcd           Add a ressource-based delegation to a user or group.
```

For the `audit` mode, all delegation types are audited at once; no further positional arguments are needed, only options:

```
./Delegations audit
Delegations - by Remi GASCOU (Podalirius) @ TheManticoreProject - v1.0.0

Usage: Delegations audit --domain --username [--password ] [--hashes ] [--debug] --dc-ip [--ldap-port ] [--use-ldaps] [--use-kerberos]

  Authentication:
    -d, --domain        Active Directory domain to authenticate to.
    -u, --username      User to authenticate as.
    -p, --password      Password to authenticate with. (default: "")
    -H, --hashes        NT/LM hashes, format is LMhash:NThash. (default: "")

  Configuration:
    -d, --debug         Debug mode. (default: false)

  LDAP Connection Settings:
    -dc, --dc-ip        IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted, it will use the domain part (FQDN) specified in the identity parameter.
    -lp, --ldap-port    Port number to connect to LDAP server. (default: 389)
    -L, --use-ldaps     Use LDAPS instead of LDAP. (default: false)
    -k, --use-kerberos  Use Kerberos instead of NTLM. (default: false)
```

## Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

## Credits

- [Remi GASCOU (Podalirius)](https://github.com/p0dalirius) created the [Delegations](https://github.com/p0dalirius/Delegations) project and later transferred it to TheManticoreProject.