# Constrained Delegation

Different to Unconstrained this attack is still dangerous in it's own way, since now it is constrained to "what" can be impersonated all that is needed it to wait for the correct user and the correct or targeted permissions that we are searching for and we can gain access as well to what our goal is, it doesn't necessarily need to be the DC or DA in any matter, yes it will make it easier to reach, but what if the gaol is to get a Database?. Well we should wait for a user that contains SQL permissions, a Webserver?? HTTP Services, and a very promisable one, what if we get a user that has only LDAP permissions we can use an attack called DCSync attack that will permit us to Dump hashes of the entire domain. Yes. The entire domain.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://dmcxblue.gitbook.io/red-team-notes/active-directory/untitled/untitled-2.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.