

Performing Active Directory Forest Trust Attack


Overview


Active Directory forest trusts extend authentication across organizational boundaries, but a misconfigured trust (SID filtering disabled, SID history honored, no selective authentication) becomes an attack surface for the trusting forest. This skill uses ldap3 to enumerate the trusted domain objects (TDOs) and impacket to query the LSA/LSAT RPC interface: it lists trust relationships, decodes the trustAttributes flags that control SID filtering, looks for SID history abuse vectors, resolves names and SIDs across the trust boundary, and reviews the inter-realm Kerberos ticket configuration for trust ticket forgery risk.

When to Use


  • When an authorized security assessment scope includes Active Directory forest or external trusts
  • When an incident response investigation needs to determine whether a trust relationship was abused (for example through SID history or forged inter-realm tickets)
  • When performing scheduled security testing or auditing of trust configuration
  • When validating trust hardening controls (SID filtering, selective authentication) through hands-on testing

Prerequisites


  • Python 3.9+ with impacket and ldap3
  • Domain credentials with read access to the trustedDomain objects under CN=System (readable by authenticated users in a default AD configuration)
  • Network access to Domain Controllers: LDAP 389 (or LDAPS 636), SMB 445 for LSA RPC over the lsarpc named pipe, Kerberos 88
  • Authorized penetration testing engagement or lab environment
Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws.

Steps


  1. Enumerate trust relationships by searching the trustedDomain objects under CN=System via LDAP
  2. Decode trustAttributes, trustDirection and trustType for each trust to determine the SID filtering state (quarantine on external trusts, forest filtering on forest trusts, relaxed when TREAT_AS_EXTERNAL is set)
  3. Resolve names and SIDs across the trust boundary with LsarLookupNames3 / LsarLookupSids (impacket lsat module)
  4. Enumerate foreignSecurityPrincipal objects that reference trusted-domain SIDs
  5. Check sIDHistory on cross-forest accounts for SIDs that belong to the trusting forest
  6. Assess trust direction and transitivity to map lateral movement paths in both directions
  7. Generate the trust security audit report with risk findings
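The steps above reduce to decoding a few TDO attributes and deciding what SID filtering would let through. The following Python is an added example and is not code from the original skill; it works offline on constructed, ldap3-shaped trust entries rather than querying a DC. The flag values come from MS-ADTS (trustAttributes) and msDS-SupportedEncryptionTypes; the SID filtering model in `surviving_sids` is a deliberate simplification of the MS-PAC rules (well-known SIDs are treated like any other foreign SID), and the sample domain names and SIDs are made up.

```python
# Added example, not code from the original skill page: offline triage of trustedDomain
# objects and sIDHistory values. The TDO dicts are CONSTRUCTED (ldap3-like); no network.
import json
import struct

# trustAttributes bits (MS-ADTS 6.1.6.7.9)
TA_NON_TRANSITIVE = 0x01
TA_QUARANTINED_DOMAIN = 0x04   # SID filtering (quarantine) on an external trust
TA_FOREST_TRANSITIVE = 0x08    # forest trust: forest-wide SID filtering by default
TA_CROSS_ORGANIZATION = 0x10   # selective authentication
TA_WITHIN_FOREST = 0x20
TA_TREAT_AS_EXTERNAL = 0x40    # set by "netdom trust /enablesidhistory:yes"
AES_ETYPES = 0x18              # AES128 | AES256 bits of msDS-SupportedEncryptionTypes
DIRECTION = {0: "disabled", 1: "inbound", 2: "outbound", 3: "bidirectional"}


def sid_from_bytes(b: bytes) -> str:
    """Decode a binary SID: revision, sub-authority count, 48-bit big-endian
    identifier authority, then little-endian 32-bit sub-authorities."""
    rev, count = b[0], b[1]
    authority = int.from_bytes(b[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, b, 8)
    return "S-%d-%d" % (rev, authority) + "".join("-%d" % s for s in subs)


def sid_to_bytes(sid: str) -> bytes:
    """Inverse of sid_from_bytes; used to build the constructed sample below."""
    rev, authority, *subs = (int(p) for p in sid.split("-")[1:])
    return bytes([rev, len(subs)]) + authority.to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)


def sid_filtering_mode(attrs: int) -> str:
    """forest: only the trusted forest's own SIDs pass; external: only the trusted
    domain's SIDs pass; relaxed: foreign SIDs with RID >= 1000 pass; none: nothing filtered."""
    if attrs & TA_WITHIN_FOREST:
        return "intra-forest"
    if attrs & TA_FOREST_TRANSITIVE:
        return "relaxed" if attrs & TA_TREAT_AS_EXTERNAL else "forest"
    return "external" if attrs & TA_QUARANTINED_DOMAIN else "none"


def surviving_sids(sid_history, trusted_domain_sid, mode):
    """Simplified model of MS-PAC SID filtering (assumption: well-known SIDs are
    handled like any other foreign SID). Returns the entries the trusting KDC keeps."""
    kept = []
    for sid in sid_history:
        domain, rid = sid.rsplit("-", 1)
        foreign = domain != trusted_domain_sid
        if foreign and (mode in ("forest", "external") or (mode == "relaxed" and int(rid) < 1000)):
            continue
        kept.append(sid)
    return kept


def assess_trust(tdo: dict) -> dict:
    attrs, direction = tdo["trustAttributes"], DIRECTION[tdo["trustDirection"]]
    mode = sid_filtering_mode(attrs)
    # trustDirection is from the queried domain's view: "outbound" = we trust the partner,
    # so its principals (and their sIDHistory) enter here; "inbound" = we can reach it.
    partner_enters_here = direction in ("outbound", "bidirectional")
    findings = []
    if partner_enters_here and mode == "none":
        findings.append(("critical", "no SID filtering: any injected SID, even RID 512/519, is honored"))
    if partner_enters_here and mode == "relaxed":
        findings.append(("high", "SID history enabled on forest trust: foreign SIDs with RID >= 1000 pass"))
    if partner_enters_here and not attrs & TA_CROSS_ORGANIZATION:
        findings.append(("medium", "no selective authentication: every partner user is Authenticated Users here"))
    if not tdo.get("msDS-SupportedEncryptionTypes", 0) & AES_ETYPES:
        findings.append(("medium", "no AES on trust: inter-realm tickets use RC4 keyed by the trust password NT hash"))
    return {
        "partner": tdo["trustPartner"],
        "partner_sid": sid_from_bytes(tdo["securityIdentifier"]),
        "direction": direction,
        "transitive": bool(attrs & (TA_FOREST_TRANSITIVE | TA_WITHIN_FOREST)) and not attrs & TA_NON_TRANSITIVE,
        "sid_filtering": mode,
        "we_can_authenticate_to_partner": direction in ("inbound", "bidirectional"),
        "partner_principals_enter_here": partner_enters_here,
        "findings": findings,
    }


def build_report(tdos, local_domain_sid, foreign_sid_history):
    """Per-trust assessment plus which of a partner account's sIDHistory entries
    (SIDs of our forest) would be honored when it authenticates across each trust."""
    report = {"queried_domain_sid": local_domain_sid, "trusts": []}
    for tdo in tdos:
        t = assess_trust(tdo)
        t["sid_history_honored"] = surviving_sids(foreign_sid_history, t["partner_sid"], t["sid_filtering"])
        report["trusts"].append(t)
    return report


# CONSTRUCTED sample: two TDOs of the queried domain, and the sIDHistory of a partner
# account carrying two of *our* SIDs (Domain Admins, RID 512, and a RID 1105 group).
LOCAL_SID = "S-1-5-21-999-999-999"
SAMPLE_TDOS = [
    {"trustPartner": "partner.example", "trustDirection": 3,
     "trustAttributes": TA_FOREST_TRANSITIVE | TA_TREAT_AS_EXTERNAL,
     "msDS-SupportedEncryptionTypes": 0x10, "securityIdentifier": sid_to_bytes("S-1-5-21-111-222-333")},
    {"trustPartner": "legacy.example", "trustDirection": 2, "trustAttributes": TA_NON_TRANSITIVE,
     "securityIdentifier": sid_to_bytes("S-1-5-21-444-555-666")},
]
SAMPLE_SIDHISTORY = [LOCAL_SID + "-512", LOCAL_SID + "-1105"]

if __name__ == "__main__":
    print(json.dumps(build_report(SAMPLE_TDOS, LOCAL_SID, SAMPLE_SIDHISTORY), indent=2))
```

In a real run the `SAMPLE_TDOs` list is replaced by an ldap3 search for `(objectClass=trustedDomain)` under `CN=System`, with `securityIdentifier` taken as raw bytes. The report makes the direction semantics explicit because they are easy to invert: the SID filtering setting on our TDO only matters for trusts where the partner's principals enter our domain, while "inbound" trusts are the paths we can pivot out through.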

Expected Output


  • JSON report listing all trust relationships, SID filtering status, foreign principals, trust direction/transitivity, and risk assessment
  • Cross-forest attack path analysis with remediation recommendations