📄
Bufu-Sec Wiki
GithubTwitter
  • Bufu-Sec Wiki
  • Active Directory
    • General
      • General
      • Installation
      • DNS
      • Kerberos
      • Kerberos Delegation
    • Enumeration
      • AD Module
      • Bloodhound
      • PowerShell Cheatsheet
      • PowerView Cheatsheet
      • Users
      • Groups
      • Computers
      • OUs
      • GPOs
      • ACLs
      • Domains
      • Trusts
      • Forest Mappings
      • Files and Shares
      • Kerbrute
    • Privilege Escalation
      • Kerberoasting
      • AS-REP Roasting
      • Constrained Delegation
      • Unconstrained Delegation
      • DNS Admins
    • Lateral Movement
      • PS Remoting
      • Credential Dumping
      • DC Sync
      • Overpass the Hash
      • Ticket Harvesting
      • Pass the Ticket
    • Persistence
      • Golden Tickets
      • Silver Tickets
      • ACL Attacks
      • Custom SSPs
      • DC Shadow
      • Skeleton Key
      • DSRM
    • Trust Attacks
      • Cross Domain Attacks
      • Cross Forest Attacks
      • MSSQL Servers
    • MITM & Relay Attacks
      • LLMNR Poisoning
      • SMB Relay
      • IPv6 Attacks
    • Detection & Defense
      • Domain Admins
      • Architectural Changes
      • Microsoft ATA
Powered by GitBook
On this page
  • General
  • Get All Trusts for the Current Domain
  • Get Trusts for Specific Domain
  1. Active Directory
  2. Enumeration

Trusts

General

  • Relationship between two domains or forest

  • Trusted Domain Objects (TDOs) represent trust relationship in a domain

  • Types of trusts

    • One-way: users in trusted domain can access resources in the trusting domain

    • Two-way trust: users of both domains can access resources in the other domain

    • Transitive: If A and B trust each other and B and C trust each other, A and C also trust each other (default between domains in same forest)

    • Non-transitive: cannot be extended to other domains in the forest (default between two domains in different forests)

    • Automatic trust: created automatically when creating new subdomain (parent-child, tree-root)

    • Shortcut trusts: used to reduce access time in complex trust scenarios

    • External trusts: between two domains in different forests when forests do not have a turst relationships

    • Forest trusts: between forest root domains

Get All Trusts for the Current Domain

# AD Module
Get-ADTrust
Get-ADTrust -Filter * | Select Source,Target,Direction

# PowerView
Get-NetDomainTrust

Get Trusts for Specific Domain

# AD Module
Get-ADTrust -Identity test.lab.local

# PowerView
Get-NetDomainTrust -Domain test.lab.local
PreviousDomainsNextForest Mappings

Last updated 2 years ago