From c5154431b6d922df6c20048bfb7f91e68433bba9 Mon Sep 17 00:00:00 2001 From: CPol Date: Sun, 14 Aug 2022 19:26:29 +0000 Subject: [PATCH] GitBook: [#3382] No subject --- .../active-directory-methodology/constrained-delegation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-hardening/active-directory-methodology/constrained-delegation.md b/windows-hardening/active-directory-methodology/constrained-delegation.md index f1a56fbd..be4400fd 100644 --- a/windows-hardening/active-directory-methodology/constrained-delegation.md +++ b/windows-hardening/active-directory-methodology/constrained-delegation.md @@ -27,7 +27,7 @@ Using this a Domain admin can **allow** a computer to **impersonate a user or co This means that if you **compromise the hash of the service** you can **impersonate users** and obtain **access** on their behalf to the **service configured** (possible **privesc**). -Moreover, you **won't only have access to the service that the user is able to impersonate, but also to any service** because the SPN is not being checked, only privileges. Therefore, if you have access to **CIFS service** you can also have access to **HOST service** using `/altservice` flag in Rubeus. +Moreover, you **won't only have access to the service that the user is able to impersonate, but also to any service** because the SPN (the service name requested) is not being checked, only privileges. Therefore, if you have access to **CIFS service** you can also have access to **HOST service** using `/altservice` flag in Rubeus. Also, **LDAP service access on DC**, is what is needed to exploit a **DCSync**.