.. / Impacket-RBCD
Star

Impacket rbcd.py will modify the msDS-AllowedToActOnBehalfOfOtherIdentity property of a target computer with security descriptor of another computer. The following command adds the related security descriptor of the created EVILCOMPUTER to the msDS-AllowedToActOnBehalfOfOtherIdentity property of DC01. This basically means that EVILCOMPUTER can get impersonated service tickets for DC01 using getST.py.

Command Reference:

Target IP: 10.10.10.1

Domain: test.local

Username: john

Hash: :A9FDFA038C4B75EBC76DC855DD74F0DA

Delegate To: DC01$

Delegate From: EVILCOMPUTER$

Command: Copy References:

https://github.com/SecureAuthCorp/impacket/blob/master/examples/rbcd.py

https://github.com/tothi/rbcd-attack