🔱
🔱
🔱
🔱
CrackMapExec ~ CME WIKI
Public Release - v5.2.2@byt3bl33d3r@mpgn_x64
Search…
Introduction
🔥
News 2022
Changelog
Sponsoring CME
Other Gitbook
Getting Started
Installation
Selecting & Using a Protocol
Target Formats
Using Credentials
Using Kerberos
Using Modules
Database General Usage
🆕
BloodHound integration
Report bugs or new features
SMB protocol
🆕
Scan for vulnerabilities
Enumeration
Password spraying
Authentication
Command execution
Spidering Shares
Get and Put files
Obtaining Credentials
🆕
Defeating LAPS
🆕
Spooler, WebDav running ?
LDAP protocol
Authentication
ASREPRoast
Kerberoasting
Unconstrained delegation
Admin Count
Machine Account Quota
Get user descriptions
🆕
Exploit ESC8 (adcs)
WINRM protocol
Password spraying
Authentication
Command execution
MSSQL protocol
Password spraying
Authentication
MSSQL Privesc
MSSQL command
Windows command
SSH protocol
Password spraying
Authentication
Command execution
Powered By GitBook
Unconstrained delegation
CrackMapExec allows you to retrieve the list of all computers et users with the flag TRUSTED_FOR_DELEGATION
1
cme ldap 192.168.0.104 -u harry -p pass --trusted-for-delegation
Copied!

Alternatives Tools

GitHub - ropnop/windapsearch: Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
GitHub
PowerSploit/PowerView.ps1 at dev · PowerShellMafia/PowerSploit
GitHub

Ressources:

https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf
troopers.de
Unconstrained Delegation - Risques
hackndo
“Relaying” Kerberos - Having fun with unconstrained delegation
dirkjanm.io
https://posts.specterops.io/hunting-in-active-directory-unconstrained-delegation-forests-trusts-71f2b33688e1
posts.specterops.io
LDAP protocol - Previous
Kerberoasting
Next - LDAP protocol
Admin Count
Last modified 1yr ago
Copy link
Contents
Alternatives Tools
Ressources: