ANSSI-FR / AD-control-paths

Active Directory Control Paths auditing and graphing tools
https://www.sstic.org/2014/presentation/chemins_de_controle_active_directory/

Proceed Dump.ps1 on many domains #13

Open Fist0urs opened 8 years ago

Fist0urs commented 8 years ago

I know this is on the roadmap, but just to keep track of it (also I have some suggestions) :)

So, it would be awesome to provide Dump.ps1 with a file containing all the required information to run the dump on multiple domains.

Such a file could have this structure: domainFQDNorIP:SYSVOLpath:DomainName:User:Password

Good practice is for users to be able to log on only to the domains they have to (meaning all users shouldn't be able to log on to every existing domain); if so, providing User:Password on a per-domain basis would guarantee that Dump.ps1 works as expected.

Sometimes users of a specific domain have special rights on other domains/forests (like in an Administrative forest or just a not well hardened AD), so it would be awesome to be able to add these kinds of users to control paths (thus processing control paths on cross-domain users).

Moreover, as when doing a pentest you don't always have a valid user per domain straightaway, it would be nice to be able to re-compute control paths once you have obtained such a user. This could be done by adding a new feature where you can provide the domains you want to look for.

gdedrouas commented 8 years ago

File format would be JSON, as that's what I do for configuration files.

Theoretically, nothing prevents merging different domains' results together, as using DN nodes guarantees uniqueness. Still, foreignSecurityPrincipals remain a problem, as they do not have the same format in their domain of origin.

I won't close this issue straightaway, as I'm still pondering the best way to treat multi-domain cases.
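
The merge problem raised in the last comment, as an added example that is not code from AD-control-paths or from either commenter: per-domain node lists are unioned on DN, and each foreignSecurityPrincipal (whose DN is `CN=<SID>,CN=ForeignSecurityPrincipals,...` in the trusting domain) is folded into the node carrying the same SID in its domain of origin. The input shape, function names, relation labels, DNs and SIDs are all assumptions constructed for illustration.

```python
import re

# An FSP object is named after the SID of the principal it stands for.
FSP_DN = re.compile(r"^CN=(S-1-[\d-]+),CN=ForeignSecurityPrincipals,", re.I)

def merge_dumps(dumps):
    """dumps: {domain: [(dn, sid), ...]} -> (nodes, alias, unresolved)."""
    native = {}   # SID -> DN in the principal's own domain
    fsps = {}     # FSP DN -> SID it points to
    for objects in dumps.values():
        for dn, sid in objects:
            match = FSP_DN.match(dn)
            if match:
                fsps[dn] = match.group(1)
            else:
                native[sid] = dn
    alias = {dn: native[sid] for dn, sid in fsps.items() if sid in native}
    # An FSP whose origin domain was not dumped cannot be folded: keep it
    # as its own node and report it so the missing domain can be added.
    unresolved = sorted(dn for dn in fsps if dn not in alias)
    nodes = set(native.values()) | set(unresolved)
    return nodes, alias, unresolved

def rewrite_edges(edges, alias):
    """Point both ends of every edge at the native DN where one is known."""
    return sorted({(alias.get(s, s), rel, alias.get(t, t)) for s, rel, t in edges})

# Constructed sample data (hypothetical domains, DNs, SIDs and relations).
ALICE = "CN=Alice,CN=Users,DC=corp,DC=example"
HELPDESK = "CN=Helpdesk,CN=Users,DC=corp,DC=example"
TIER0 = "CN=Tier0,CN=Users,DC=admin,DC=example"
ALICE_SID = "S-1-5-21-1111-2222-3333-1104"
OTHER_SID = "S-1-5-21-7777-8888-9999-1300"
ALICE_FSP = f"CN={ALICE_SID},CN=ForeignSecurityPrincipals,DC=admin,DC=example"
OTHER_FSP = f"CN={OTHER_SID},CN=ForeignSecurityPrincipals,DC=admin,DC=example"
DUMPS = {
    "corp.example": [(ALICE, ALICE_SID),
                     (HELPDESK, "S-1-5-21-1111-2222-3333-1105")],
    "admin.example": [(TIER0, "S-1-5-21-4444-5555-6666-1201"),
                      (ALICE_FSP, ALICE_SID), (OTHER_FSP, OTHER_SID)],
}
EDGES = [(HELPDESK, "CAN_RESET_PASSWORD", ALICE),   # seen in corp dump
         (ALICE_FSP, "MEMBER_OF", TIER0)]           # seen in admin dump

if __name__ == "__main__":
    nodes, alias, unresolved = merge_dumps(DUMPS)
    for edge in rewrite_edges(EDGES, alias):
        print(edge)
    print("unresolved FSPs:", unresolved)
```

Without the alias step the two edges end on different nodes, so the cross-domain path from Helpdesk through Alice to Tier0 would not appear in the merged graph.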