Skip to content

Sylphoraz/search_rbcd

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4,992 Commits
.github
.github
 
 
.vs
.vs
 
 
README.assets
README.assets
 
 
packages
packages
 
 
search_rbcd
search_rbcd
 
 
LICENSE
LICENSE
 
 
LOG
LOG
 
 
README.md
README.md
 
 
search_rbcd.sln
search_rbcd.sln
 
 

Repository files navigation

Foreword

The primary method for executing RBCD attacks currently involves searching for mS-DS-CreatorSID. If the machine creator is under our control, we can modify the corresponding machine's msDS-AllowedToActOnBehalfOfOtherIdentity setting using the tool [SharpAllowedToAct-Modify].

Then let's go ahead and try searching all computers to check their msDS-AllowedToActOnBehalfOfOtherIdentity attribute. If any values point to machines or accounts we control, we can simply use RBCD to take them over.

Usage

python3 search_rbcd.py -u ldapusername -p 'ldappassword' -d domain.com -l ldapserver.domain

image-20220115233019823

About

Search msDS-AllowedToActOnBehalfOfOtherIdentity

Topics

security csharp dotnet active-directory bloodhound infosec kerberos privilege-escalation redteam directory-services windows-security rbcd

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

release Latest
Dec 15, 2025

Sponsor this project

Packages

 
 
 

Contributors

Languages