Child to parent domain

How it works

Once you gain Domain Admin privileges within the child domain its possible to get Enterprise Admin in the parent domain by generating a golden ticket in the child domain with the SID of the Enterprise Admin group.

The attack can be performed in two ways, abusing the trust key or the krbtgt hash.

pageKrbtgt hash pageTrust key

PreviousHopping domains and forests NextKrbtgt hash

Last updated 1 year ago