mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-14 06:54:57 +03:00
mukul975
23 lines
723 B
Markdown
23 lines
723 B
Markdown
# Workflows - Constrained Delegation Abuse
|
|
|
|
## S4U Attack Chain
|
|
|
|
```
|
|
1. Enumerate → findDelegation.py or PowerView
|
|
2. Obtain account credentials → password, hash, or TGT
|
|
3. S4U2self → Request ticket as target user to compromised service
|
|
4. S4U2proxy → Forward ticket to delegated service (CIFS/LDAP/HTTP)
|
|
5. Access → Use ticket for privileged access to target service
|
|
6. Escalate → DCSync via LDAP or file access via CIFS
|
|
```
|
|
|
|
## Alternate Service Name Workflow
|
|
|
|
```
|
|
1. Delegation configured for: CIFS/DC01.domain.local
|
|
2. Request S4U ticket for CIFS as administrator
|
|
3. Modify SPN in ticket to LDAP/DC01.domain.local
|
|
4. Use modified ticket for DCSync (secretsdump.py -k)
|
|
5. Full domain compromise achieved
|
|
```
|