
Domain Trusts and Forests Enumeration

Trusts

Get a List of All Trusts in the Current Domain

Get-NetDomainTrust [-Domain <domain>] # PowerView
Get-ADTrust -Filter * # AD Module, all trusts
Get-ADTrust -Identity <domain> # AD Module, a single trust (-Filter and -Identity cannot be combined)
  • Using pywerview.py

python pywerview.py get-netdomaintrust -w bizcorp.local -u <user> -p <pass> -t <dc> [-d <domain>] 

Listing All Trusts in Another Forest (If Your Current Forest is in a Bi-Directional Trust With Another Forest)

Get-NetForestDomain -Forest <forest> | Get-NetDomainTrust # PowerView

Forest Mapping

Get Details About the Current Forest

Get-NetForest [-Forest <forest>] # PowerView
Get-ADForest [-Identity <forest>] # AD Module

Get All Domains in the Current Forest

Get-NetForestDomain [-Forest <forest>] # PowerView
(Get-ADForest).Domains # AD Module

Get All Global Catalogs for the Current Forest

Get-NetForestCatalog [-Forest <forest>] # PowerView
Get-ADForest | select -ExpandProperty GlobalCatalogs # AD Module

Map Trusts of a Forest

Get-NetForestTrust [-Forest <forest>] # PowerView
Get-ADTrust -Filter 'msDS-TrustForestTrustInfo -ne "$null"' # AD Module
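
The trust listings above are read from trustedDomain objects, and tools that return the raw trustDirection and trustAttributes integers leave the decoding to the reader. The following is an added example, not part of the original page or of PowerView/pywerview, that decodes those values with the bit definitions from MS-ADTS and lists settings worth a configuration review; the function name, the review wording and the sample rows (other than the bizcorp.local name used above) are constructed for illustration.

```python
from enum import IntFlag

class TrustAttr(IntFlag):          # trustAttributes bits (MS-ADTS)
    NON_TRANSITIVE = 0x1
    UPLEVEL_ONLY = 0x2
    QUARANTINED_DOMAIN = 0x4       # SID filter quarantine applied
    FOREST_TRANSITIVE = 0x8
    CROSS_ORGANIZATION = 0x10      # selective authentication
    WITHIN_FOREST = 0x20
    TREAT_AS_EXTERNAL = 0x40
    USES_RC4_ENCRYPTION = 0x80
    CROSS_ORGANIZATION_NO_TGT_DELEGATION = 0x200
    PIM_TRUST = 0x400
    CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION = 0x800

DIRECTION = {0: "Disabled", 1: "Inbound", 2: "Outbound", 3: "Bidirectional"}

def describe_trust(name, direction, attributes):
    """Decode one trustedDomain object and list settings worth a review."""
    attrs = TrustAttr(attributes)
    if attrs & TrustAttr.WITHIN_FOREST:
        kind = "intra-forest"
    elif attrs & TrustAttr.FOREST_TRANSITIVE:
        kind = "forest"
    else:
        kind = "external"
    review = []
    if kind == "external" and not attrs & TrustAttr.QUARANTINED_DOMAIN:
        review.append("SID filter quarantine not set")
    if kind == "forest" and attrs & TrustAttr.TREAT_AS_EXTERNAL:
        review.append("forest trust treated as external")
    if attrs & TrustAttr.CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION:
        review.append("TGT delegation enabled across trust")
    return {"name": name, "kind": kind,
            "direction": DIRECTION.get(direction, f"Unknown({direction})"),
            "flags": [f.name for f in TrustAttr if f & attrs],
            "review": review}

# Constructed sample values: (name, trustDirection, trustAttributes).
SAMPLE = [("child.bizcorp.local", 3, 0x20),
          ("partner.example", 3, 0x848),
          ("legacy.example", 2, 0x0),
          ("vendor.example", 1, 0x4)]

if __name__ == "__main__":
    for row in SAMPLE:
        print(describe_trust(*row))
```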

Last updated 3 years ago