1 00:00:00,060 --> 00:00:03,700 For this, we will be talking about Kerberos unconstrained delegation.
2 00:00:03,720 --> 00:00:11,330 So delegation, in the sense of impersonating other users or escalating to higher privileges.
3 00:00:12,690 --> 00:00:18,870 So let's see what the problem is and why there is delegation for this.
4 00:00:19,620 --> 00:00:25,930 So let's say we have a normal user, we have a web server, and we have these resources as well.
5 00:00:26,160 --> 00:00:31,830 So the first one can be a file share and the second one can be, like,
6 00:00:33,940 --> 00:00:36,070 a backup and a database.
7 00:00:36,400 --> 00:00:42,790 So we have the servers, and the user wants to access the resources on the servers, generally via the web server,
8 00:00:42,790 --> 00:00:48,910 and the web server has a service account which was created by the domain administrator.
9 00:00:50,390 --> 00:00:57,140 So, like, a web service service account and a normal web server account; those accounts do not have
10 00:00:57,200 --> 00:01:07,550 access to all of the resources on these servers, because not all the resources or the data can be accessed
11 00:01:07,550 --> 00:01:09,080 by these service accounts.
12 00:01:09,350 --> 00:01:11,960 So these accounts have this capacity.
13 00:01:12,170 --> 00:01:20,810 Whenever the user wants to access his personal data on these servers, then this web server
14 00:01:20,810 --> 00:01:28,550 will generally make a request to this database server, and this database does not know which user is asking
15 00:01:28,550 --> 00:01:29,300 for this data.
16 00:01:29,510 --> 00:01:33,710 So that's why Microsoft introduced this delegation.
17 00:01:34,190 --> 00:01:38,690 So in this delegation, we also have the domain controller.
18 00:01:38,930 --> 00:01:47,090 So what is going on is this user makes a request for this service, for this web server.
19 00:01:47,210 --> 00:01:52,100 So the user will request the TGT from the domain controller.
20 00:01:52,100 --> 00:01:56,810 And after that TGT, he will request a TGS for this web service.
21 00:01:57,320 --> 00:02:08,060 Whenever he gets the TGS for the web service, the user will be sending to this web service the TGT
22 00:02:08,570 --> 00:02:09,710 inside this TGS.
23 00:02:09,920 --> 00:02:17,930 So what this web server does is this user TGT will be copied into the TGS request and will
24 00:02:17,930 --> 00:02:19,910 be sent to this database server.
25 00:02:20,580 --> 00:02:27,680 The database server sees the user's TGT inside the TGS, and the database server identifies that this
26 00:02:27,680 --> 00:02:29,390 request is coming from this user.
27 00:02:29,870 --> 00:02:39,070 And this also checks whether the user has access to the particular data or not.
28 00:02:39,080 --> 00:02:40,280 And then it will
29 00:02:43,160 --> 00:02:47,990 send the TGS and will actually fetch the data.
30 00:02:48,260 --> 00:02:51,560 So this is how this operates, in simple terms.
31 00:02:51,900 --> 00:02:58,700 The user details will be copied, so there will be a second request from the user to the domain controller.
32 00:02:58,850 --> 00:03:05,940 So the user will fetch this data two times, and that will result in the TGS request of this web
33 00:03:05,960 --> 00:03:07,610 server to this database server.
34 00:03:07,970 --> 00:03:14,540 And then afterwards, the data will be transferred to this user
35 00:03:14,570 --> 00:03:15,470 in the response.
36 00:03:16,100 --> 00:03:18,770 So what is Kerberos unconstrained delegation?
37 00:03:18,770 --> 00:03:24,950 Unconstrained delegation, in the sense that this computer, this machine, the web server machine, is
38 00:03:24,950 --> 00:03:29,720 delegated, is trusted for delegation.
39 00:03:29,720 --> 00:03:34,730 That means this web server can impersonate any user in this domain.
40 00:03:35,360 --> 00:03:42,960 Now, user one can try to access the data, and this web server can impersonate
41 00:03:42,980 --> 00:03:47,650 this user one, and then another user two,
42 00:03:47,660 --> 00:03:55,760 and that can also be impersonated by this server, because this web server is trusted by the domain
43 00:03:55,760 --> 00:03:57,140 controller for delegation.
44 00:03:58,100 --> 00:04:02,450 So this is unconstrained delegation: there are no constraints on this delegation.
45 00:04:07,200 --> 00:04:09,060 Let's go to Users and Computers here.
46 00:04:09,070 --> 00:04:13,320 We have only one computer, if you like, on this.
47 00:04:13,320 --> 00:04:21,120 Go to Properties and Delegation, and here you can see that the DC does have this setting by default, as these
48 00:04:21,120 --> 00:04:23,220 computers are trusted for delegation to any service.
49 00:04:29,100 --> 00:04:35,040 If you want to use this, you can also set the delegation permissions on the users as well.
50 00:04:35,040 --> 00:04:37,140 So we'll be seeing that in the next video.
51 00:04:43,740 --> 00:04:51,660 If you go to Properties and go to Attribute Editor and go to userAccountControl, and if you edit
52 00:04:51,660 --> 00:04:58,500 this one, you can see the flag trusted for delegation.
53 00:04:58,500 --> 00:05:04,260 So this is a very important one; this identifies that this computer is trusted for delegation.
54 00:05:18,370 --> 00:05:21,520 So we need to search for this delegation.
55 00:05:24,910 --> 00:05:29,230 And here the userAccountControl number must be a minimum of 524288.
56 00:05:29,740 --> 00:05:34,570 We need to see the userAccountControl values for the users, and then we need to query for
57 00:05:34,570 --> 00:05:37,780 the flags which are at minimum this value.
58 00:05:38,350 --> 00:05:43,270 And then we can convert this userAccountControl number to hex and we can
59 00:05:45,140 --> 00:05:45,680 see them.
60 00:05:46,220 --> 00:05:50,210 And here we have another flag, that is trusted to auth for delegation.
61 00:05:50,210 --> 00:05:53,170 So this will be given for constrained delegation.
62 00:05:53,180 --> 00:05:55,070 So we'll be seeing this in the next video.
63 00:05:55,610 --> 00:06:05,180 And the main important thing is, whenever the computer is trusted for delegation, on these computers
64 00:06:05,300 --> 00:06:08,480 the TGTs of the users will be stored in its memory.
65 00:06:08,480 --> 00:06:15,800 So that means you need to have administrator privileges on this delegated machine.
66 00:06:16,700 --> 00:06:20,510 Otherwise we cannot extract the TGT from this.
67 00:06:23,020 --> 00:06:24,920 So I tell you, it's the same computer.
68 00:06:24,980 --> 00:06:27,850 And we have already the
69 00:06:33,700 --> 00:06:35,200 we are already administrator.
70 00:06:39,560 --> 00:06:42,920 So generally what happens is when you
71 00:06:45,830 --> 00:06:53,880 wait for the administrator to access any of the services on this web server, so their TGT gets
72 00:06:54,020 --> 00:07:00,950 placed on the server, so the user should visit this web page and request some resource.
73 00:07:01,190 --> 00:07:12,800 And after that, you will have the tickets in the LSASS process, so we can see the Kerberos tickets and
74 00:07:12,800 --> 00:07:14,540 we can actually export.
75 00:07:14,630 --> 00:07:16,850 And here in these
76 00:07:18,190 --> 00:07:23,520 tickets, you will see that we can do pass-the-ticket too,
77 00:07:25,650 --> 00:07:27,990 as an administrator.
78 00:08:06,310 --> 00:08:08,830 So we can actually export them.
79 00:08:11,830 --> 00:08:12,670 So it's
80 00:08:25,950 --> 00:08:29,280 so all of these tickets were placed on the disk.
81 00:08:29,460 --> 00:08:31,200 So that's why it created this folder.
82 00:08:46,510 --> 00:08:56,020 And now you see all of these exported tickets, so you can search for this administrator here.
83 00:08:56,020 --> 00:08:59,020 You can see that with this you can do pass-the-ticket.
84 00:09:15,350 --> 00:09:16,910 So we are an administrator.
85 00:09:17,750 --> 00:09:19,700 But when we are
86 00:09:26,610 --> 00:09:31,890 -- -- has logged in to this web server and accessed any of the resources,
87 00:09:31,920 --> 00:09:34,260 then you will have the ticket in the memory.
88 00:09:34,260 --> 00:09:37,260 Then you can dump and use this ticket
89 00:09:38,560 --> 00:09:40,450 for privilege escalation.
90 00:09:42,080 --> 00:09:47,000 So we can write this small PowerShell code to find the
91 00:09:49,750 --> 00:09:52,540 delegated computers.
92 00:09:53,230 --> 00:09:59,320 So this code is similar to the previous videos of roastable account finding.
93 00:09:59,890 --> 00:10:05,800 So the only reason you need to change this userAccountControl is that you need a minimum of this
94 00:10:06,160 --> 00:10:13,550 value for delegation, and then we loop over the properties, and then we'll be converting this userAccountControl;
95 00:10:13,570 --> 00:10:17,110 we are going to convert it to binary format, and then we are
96 00:10:18,750 --> 00:10:19,950 fetching the flags.
97 00:10:20,820 --> 00:10:22,770 And in those flags we will be
98 00:10:25,030 --> 00:10:25,720 printing.
99 00:10:29,040 --> 00:10:37,830 We are comparing if the account has the delegation, and then we are printing the samAccountName and all of
100 00:10:37,830 --> 00:10:40,110 the userAccountControl flags.
101 00:10:40,110 --> 00:10:41,190 You can read this one.
102 00:10:54,730 --> 00:10:55,690 So you can run this.
103 00:10:55,690 --> 00:11:01,870 And here you can see the unconstrained delegation accounts: the first one is going to be the DC.
104 00:11:02,770 --> 00:11:04,990 That is the domain controller.
105 00:11:05,200 --> 00:11:10,360 And the second one is the constrained delegation, which we are seeing in the next video, and the account
106 00:11:10,360 --> 00:11:16,900 has two: it also had this trusted to auth for delegation, and the trusted for delegation.
107 00:11:18,250 --> 00:11:20,890 So this is how you find the delegation accounts.
108 00:11:21,310 --> 00:11:22,310 It's very simple.
109 00:11:22,330 --> 00:11:30,070 Similar to what we have done in finding the roastable accounts.
110 00:11:31,600 --> 00:11:34,630 So that's all for this video on Kerberos unconstrained
111 00:11:34,630 --> 00:11:40,600 delegation. You need to find which computer accounts or user accounts have this delegation.
112 00:11:41,260 --> 00:11:48,580 And you need to also have the local administrator privileges on this machine, so you can dump the tickets
113 00:11:48,580 --> 00:11:49,650 from LSASS memory.
114 00:11:51,110 --> 00:11:54,620 And also we need to wait for the administrator to
115 00:11:58,130 --> 00:12:01,550 log on to this web server and access the resources.