Toolkit for abusing unconstrained delegation. Requires impacket and ldap3 to function. It is recommended to install impacket from git directly to have the latest version available.
More info about this toolkit available in my blog https://dirkjanm.io/krbrelayx-unconstrained-delegation-abuse-toolkit/
This tool can add/remove/modify Service Principal Names on accounts in AD over LDAP.
Add/modify/delete Active Directory Integrated DNS records via LDAP.
Given an account with unconstrained delegation privileges, dump Kerberos TGT's of users connecting to hosts similar to ntlmrelayx.
- Specifying SMB as target is not yet complete, it's recommended to run in export mode and then use secretsdump with
-k - Conversion tool from/to ccache/kirbi
- SMB1 support in the SMB relay server