Foreign group and users
Foreign group and users
On bloodhound we can see very easily that there is link between the domains with the following query (Careful this query is fine in a lab but this will certainly be a little too heavy in a real world AD)
NewYork.Local
North.NewYork.Local
Maryland.Local
On the lab you will find some specifics groups to pass from one domain to the other.
As you already have done the acl part previously you will easily find the way to exploit that.
newyork.local to maryland.local: group KGB
To do that just pick a user from the RadioCity and exploit with the KGB group
RDP
Loading PowerView.ps1 to ParrotOS Lab Machine
Uploading it to the Windows Server
Change Teresa PWD
And verify
We can also to that with shadow credentials (but the auto will not work here, we will have to do that with two steps)
Maryland to NewYork : group MainMultiDoms
In the same way we can exploit the Maryland to NewYork foreign group
Last updated