Unconstrained delegation
CrackMapExec allows you to retrieve the list of all computers et users with the flag TRUSTED_FOR_DELEGATION
1
cme ldap 192.168.0.104 -u harry -p pass --trusted-for-delegation
Copied!

Alternatives Tools

GitHub - ropnop/windapsearch: Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
GitHub
PowerSploit/PowerView.ps1 at dev ยท PowerShellMafia/PowerSploit
GitHub

Ressources:

https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf
troopers.de
Unconstrained Delegation - Risques
hackndo
โ€œRelayingโ€ Kerberos - Having fun with unconstrained delegation
dirkjanm.io
https://posts.specterops.io/hunting-in-active-directory-unconstrained-delegation-forests-trusts-71f2b33688e1
posts.specterops.io
โ€‹