Showing posts from December, 2019

No Shells Required - a Walkthrough on Using Impacket and Kerberos to Delegate Your Way to DA

There are a ton of great resources that have been released in the past few years on a multitude of Kerberos delegation abuse avenues.However, most of the guidance out there is pretty in-depth and/or focuses on the usage of @Harmj0y’s Rubeus.While Rubeus is a super well-written tool that can do quite a few things extremely well, in engagements where I’m already running off of a primarily Linux environment, having tools that function on that platform can be beneficial.To that end, all the functionality we need to perform unconstrained, constrained, and resource-based constrained delegation attacks is already available to us in the impacket suite of tools.
This post will cover how to identify potential delegation attack paths, when you would want to use them, and give detailed walkthroughs of how to perform them on a Linux platform.What we won’t be covering in this guide is a detailed background of Kerberos authentication, or how various types of delegation work in-depth, as there are so…