> For the complete documentation index, see [llms.txt](https://dmcxblue.gitbook.io/red-team-notes/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://dmcxblue.gitbook.io/red-team-notes/active-directory/untitled/untitled-2.md). # Constrained Delegation Different to Unconstrained this attack is still dangerous in it's own way, since now it is constrained to "what" can be impersonated all that is needed it to wait for the correct user and the correct or targeted permissions that we are searching for and we can gain access as well to what our goal is, it doesn't necessarily need to be the DC or DA in any matter, yes it will make it easier to reach, but what if the gaol is to get a Database?. Well we should wait for a user that contains SQL permissions, a Webserver?? HTTP Services, and a very promisable one, what if we get a user that has only LDAP permissions we can use an attack called DCSync attack that will permit us to Dump hashes of the entire domain. Yes. The entire domain. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://dmcxblue.gitbook.io/red-team-notes/active-directory/untitled/untitled-2.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.