🖊️ Author: Nairuz Abulhul

🌐 Blog: R3dbuck3t

Table of Contents

Unconstrained Delegation Overview

<aside> 📌 **Unconstrained delegation allows an application to impersonate a user or computer account to access any service within the forest on behalf of the authenticated user.

Only Domain controllers can have the unconstrained delegation enabled; any other servers shouldn’t have the feature enabled.**

</aside>

Steps to abuse delegation assigned to computer account

• Compromise a system with an unconstrained delegation enabled.
• Obtain local admin privileges on the delegated system.
• Exports all TGT ticket, chooses a TGT for a privileged account
• Use the TGT ticket to perform a Pass the Ticket attack to access the intended service

Steps to abused delegation assigned to user account

• Similar to above but more limited and harder to achieve

Tools

• PowerView
• Invoke-Mimikatz
• Active Directory Module

Finding Delegation Accounts

Active Directory Module