Enumerate Trust

Let’s enumerate the trusts:

ldeep ldap -u Donald.Trump -p 'MaKeam3ricaGr3at' -d newyork.local -s ldap://192.168.56.10 trusts
ldeep ldap -u Donald.Trump -p 'MaKeam3ricaGr3at' -d newyork.local -s ldap://192.168.56.12 trusts

The newyork to maryland trust link is FOREST_TRANSITIVE | TREAT_AS_EXTERNAL due to Sid history enabled
The Maryland to newyork trust link is just FOREST_TRANSITIVE
The corresponding ldap query is : (objectCategory=trustedDomain)
We can observe this with bloodhound too (button map domain trusts)

sudo /usr/bin/./neo4j console

sudo /opt/tools/BloodHound4.2-ly4k/BloodHound-linux-x64/BloodHound  --no-sandbox --disable-dev-shm-usage

PreviousTrust NextDomain Trust - child/parent (north.newyork.local -> newyork.local)

Last updated 2 years ago