Child to parent domain

How it works

Once you gain Domain Admin privileges within the child domain its possible to get Enterprise Admin in the parent domain by generating a golden ticket in the child domain with the SID of the Enterprise Admin group.

The attack can be performed in two ways, abusing the trust key or the krbtgt hash.

pageKrbtgt hashpageTrust key

Last updated