Resource Based Constrained Delegation

Earlier this year on a internal penetration test for my employer, I was stuck on Active Directory (AD) escalation. I had gotten a foothold in the environment by cracking a user’s hashed credentials that I had captured through DHCPv6 spoofing. However, the user didn’t belong to any privileged groups and didn’t have local admin privileges…

Unconstrained Delegation

One of the weaknesses that I configured in my lab environment was “Unconstrained Delegation.” Systems in an Active Directory (AD) environment can be configured for unconstrained delegation. This means that a system can “delegate”, or impersonate users that authenticate to it. Normally, when a user authenticates to a service running on a system, the user…