nmap 192.168.1.0-255 -Pn
from 192.168.1.1 to 192.168.1.100
After having a password
Unconstrained Delegation is a feature that a Domain Administrator can set on any Computer inside the domain. Then, any time a user logs on to the Computer, a copy of that user's TGT is sent inside the TGS provided by the DC and saved in memory in LSASS. So, if you have Administrator privileges on the machine, you will be able to dump the tickets and impersonate the users on any machine.
If a domain admin logs on to a Computer with the "Unconstrained Delegation" feature activated, and you have local admin privileges on that machine, you will be able to dump the ticket and impersonate the Domain Admin anywhere (domain privesc).
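A defender-side audit for the setting described above, as an added example that is not part of the original notes: it reads an LDIF-style export and reports non-DC computers whose userAccountControl has the TRUSTED_FOR_DELEGATION bit (0x80000) set, plus adminCount=1 accounts that lack the "Account is sensitive and cannot be delegated" bit. The sample records, account names and function names are constructed assumptions.

```python
# Added audit example; the LDIF records below are constructed sample data.
TRUSTED_FOR_DELEGATION = 0x80000   # unconstrained delegation enabled
SERVER_TRUST_ACCOUNT = 0x2000      # domain controller (has the bit by default)
NOT_DELEGATED = 0x100000           # "Account is sensitive and cannot be delegated"

SAMPLE_LDIF = """\
dn: CN=DC01,OU=Domain Controllers,DC=pentesting,DC=local
sAMAccountName: DC01$
userAccountControl: 532480

dn: CN=WEB01,CN=Computers,DC=pentesting,DC=local
sAMAccountName: WEB01$
userAccountControl: 528384

dn: CN=da-alice,CN=Users,DC=pentesting,DC=local
sAMAccountName: da-alice
userAccountControl: 512
adminCount: 1

dn: CN=da-bob,CN=Users,DC=pentesting,DC=local
sAMAccountName: da-bob
userAccountControl: 1049088
adminCount: 1
"""

def parse_ldif(text):
    # Split blank-line-separated records into attribute dictionaries.
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                rec[key] = value
        records.append(rec)
    return records

def audit(records):
    # Returns (non-DC hosts with unconstrained delegation, delegable admins).
    unconstrained, exposed = [], []
    for rec in records:
        uac = int(rec.get("userAccountControl", "0"))
        name = rec.get("sAMAccountName", "?")
        if uac & TRUSTED_FOR_DELEGATION and not uac & SERVER_TRUST_ACCOUNT:
            unconstrained.append(name)
        if rec.get("adminCount") == "1" and not uac & NOT_DELEGATED:
            exposed.append(name)
    return unconstrained, exposed

print(audit(parse_ldif(SAMPLE_LDIF)))
```

Hosts in the first list are where privileged logons should be avoided or delegation removed; accounts in the second list are candidates for the "sensitive and cannot be delegated" flag.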
python3 windapsearch.py -d pentesting.local -u pentesting\\ippsec -p Password12345 --dc-ip 192.168.1.50 --unconstrained-computers -o data
python3 finalDelegation.py -dc-ip IP pentest.local/ippsec
python3 GetUsersSPN.py -dc-ip IP pentest.local/ippsec
Crackmapexec
Evil-WinRM
Antivirus & Detections
whoami /groups
ipconfig /all