Article Domain Trust Relationships Abuse

  • Thread starter: Admin

This lab will familiarize you with some of the concepts in Cobalt Strike and its modules, as well as Active Directory concepts such as forests, parent/child domains, and trust relationships, and how they can be abused to escalate privileges. Let's start.

What Are Domain Trust Relationships?

Domain trust relationships in Active Directory (AD) are mechanisms that allow domains to share resources and authenticate users between domains. These trust relationships make it easier for users in one domain to access resources in another, thus improving the flexibility and scalability of a network. The picture here illustrates a domain trust relationship:

[Image: diagram of a domain trust relationship]

Types of Trust Relationships

  1. Parent-Child Trusts
     • Automatic and Two-Way: When you create a new domain within an existing one, a trust is automatically set up. Both domains trust each other, allowing users to access resources both ways.
  2. External Trusts
     • Manual and One-Way/Two-Way: Created between domains in different forests (separate networks). This can be set to allow access one-way or both ways.
  3. Forest Trusts
     • Manual and Transitive: Connects two entire forests, allowing any domain within one forest to access resources in the other.
  4. Shortcut Trusts
     • Manual and Transitive: Speeds up access between two domains in the same forest by creating a direct shortcut, like a fast lane.
  5. Realm Trusts
     • Manual and Flexible: Connects an Active Directory domain to a non-Windows Kerberos realm, allowing interoperability.

Trust Directions

  • One-Way Trust: Domain A trusts Domain B, so users in Domain B can access resources in Domain A, but not the other way around.
  • Two-Way Trust: Both domains trust each other, allowing access both ways.

How Trusts Are Used

  1. Resource Sharing: Allows users in different domains to access shared resources like files or printers.
  2. Centralized Management: Simplifies user management by allowing a single sign-on for accessing resources across multiple domains.
  3. Migration Support: Helps during company mergers or IT restructuring by maintaining access to resources across old and new domains.

Let's Configure a Domain Trust Relationship

I have two different domains (ehcorp.local | maamsec.lab) and two Active Directory environments.

In my scenario, the first step is to make sure that the two domains have working connectivity and are communicating with each other correctly.

[Screenshot: connectivity check between the two domains]

We can see that the two domains' networks are operational, so we can start the trust configuration.

  • Go to “Server Manager”, then “Tools” and “Active Directory Domains and Trusts”. Right-click the domain name (in this case “maamsec.lab”), open the “Trusts” tab and click “New Trust…”. The “Welcome to the New Trust Wizard” page will then start the trust configuration; click “Next” to continue.

[Screenshot: New Trust Wizard]

  • Type the domain name of the other domain and click “Next” to continue.

Here you have two types of trusts to select from (my trust is a Forest Trust):

  • External Trust: Used to provide access to resources located in a Windows NT 4.0 domain or in a domain located in a separate forest that is not connected by a forest trust (see “When to create External Trust”).
  • Forest Trust: Used to share resources between two forests (see “When to create Forest Trust”).

[Screenshot: trust type selection]


At the next step you can select the direction of the trust. This is self-explanatory, and you select it according to your requirements. In my case it is a Two-way Trust; select the option and click “Next” to continue.

[Screenshot: direction of trust]

You can define the “Sides of Trust” at the next step. This section is also self-explanatory: you define the sides of your trust according to your requirements. In my case it is “Both this domain and the specified domain”; select the option and click “Next” to continue.

[Screenshot: sides of trust]

At the next step you have to select an option to set the Outgoing Trust Authentication Level, which can be either “Forest-wide authentication” or “Selective Authentication”. The wizard gives a clear explanation of both, so this section is also self-explanatory. You have to define this separately for the local domain and the trusted domain.

[Screenshot: outgoing trust authentication level]

  • Type the password of the domain which you are going to trust; once you have typed it, click “Next” to continue.
  • The last two steps are the trust selection and completion pages of the wizard; all you need to do is click “Next” on these steps.

Go to your “Active Directory Domains and Trusts” properties and see the trust configuration now.

[Screenshot: trust configuration in Active Directory Domains and Trusts]

We can also check with PowerShell:

[Screenshot: PowerShell check of the trust]


source
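
The PowerShell check mentioned at the end of the walkthrough, extended into a small review of each trust's type, direction and authentication level, which are the three choices made in the wizard. This is an added example, not code from the original post: `Get-TrustReview` is a hypothetical helper, and the sample object is constructed to resemble `Get-ADTrust` output for the lab trust, assuming forest-wide authentication was chosen.

```powershell
# Added example, not from the original post. Get-TrustReview is a hypothetical
# helper; the property names are those returned by Get-ADTrust (RSAT AD module).
function Get-TrustReview {
    param([Parameter(Mandatory, ValueFromPipeline)] [psobject]$Trust)
    process {
        $notes = [System.Collections.Generic.List[string]]::new()

        # Name the trust the way the New Trust Wizard does.
        $kind = 'External'
        if ($Trust.ForestTransitive) { $kind = 'Forest' }
        if ($Trust.IntraForest)      { $kind = 'Same forest (parent-child or shortcut)' }

        # Direction: a two-way trust accepts authentication from both sides.
        if ("$($Trust.Direction)" -eq 'BiDirectional') {
            $notes.Add('Two-way: confirm access is needed in both directions')
        }
        # Authentication level: forest-wide unless Selective Authentication is set.
        # Only evaluated for trusts that leave the forest.
        if (-not $Trust.IntraForest -and -not $Trust.SelectiveAuthentication) {
            $notes.Add('Forest-wide authentication: consider Selective Authentication')
        }
        # External trusts depend on the quarantine flag for SID filtering.
        if ($kind -eq 'External' -and -not $Trust.SIDFilteringQuarantined) {
            $notes.Add('External trust with SID filtering quarantine disabled')
        }

        [pscustomobject]@{
            Source    = $Trust.Source
            Target    = $Trust.Target
            Kind      = $kind
            Direction = "$($Trust.Direction)"
            Notes     = $notes -join '; '
        }
    }
}

# Constructed sample shaped like Get-ADTrust output for the lab trust
# (forest-wide authentication is an assumption; the post does not say).
$sample = [pscustomobject]@{
    Source = 'DC=maamsec,DC=lab'; Target = 'ehcorp.local'
    Direction = 'BiDirectional'; ForestTransitive = $true; IntraForest = $false
    SelectiveAuthentication = $false; SIDFilteringQuarantined = $false
}
$sample | Get-TrustReview | Format-List

# On a domain-joined host with the ActiveDirectory module:
#   Get-ADTrust -Filter * | Get-TrustReview
```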