Our great sponsors
-
PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
With unconstrained delegation you may be able to use Petitpoatm (https://github.com/topotam/PetitPotam) to coerce the DC to connect, which would provide you the DC$ machine account. Then you could use that to perform a DCSync attack to get the krbtgt account hash to craft golden tickets. It's worth checking out.
Check out impacket's ntlmrelayx: https://github.com/SecureAuthCorp/impacket/blob/master/examples/ntlmrelayx.py