Skip to content

Jumbo-WJB/search_rbcd

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

csharp

csharp

 
 

readme.assets

readme.assets

 
 

readme.md

readme.md

 
 

search_rbcd.py

search_rbcd.py

 
 

Repository files navigation

前言

现在进行RBCD的攻击手段主要是搜索mS-DS-CreatorSID,如果机器的创建者是我们可控的话,那就可以修改对应机器的msDS-AllowedToActOnBehalfOfOtherIdentity,利用工具SharpAllowedToAct-Modify

那我们索性也试试搜索所有计算机并查看其msDS-AllowedToActOnBehalfOfOtherIdentity属性,里面的值有没有咱们可控的机器/账号,如果有的话,直接RBCD打就行。

使用

python3 search_rbcd.py -u ldapusername -p 'ldappassword' -d domain.com -l ldapserver.domain

image-20220115233019823

About

Search msDS-AllowedToActOnBehalfOfOtherIdentity

Resources

Readme
Activity

Stars

34 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages