ShutdownRepo / pywhisker

Python version of the C# tool for "Shadow Credentials" attacks
GNU General Public License v3.0

Unable to write shadow credentials across domains (and forests if that is supported) #13

Closed jsdhasfedssad closed 11 months ago

jsdhasfedssad commented 11 months ago

Hi,

Thank you for this tool.

During testing of the new cross-domain shadow credential writing I encountered an issue. As you can see in the pictures, adlab.local\adlab_shadow1 has full control of child.adlab.local\child_domainuser1 but still the writing of shadow credentials fails due to insufficient rights. I have no issues writing shadow credentials within a domain.

The trust involved is a parent-child trust where adlab.local is the parent domain and child.adlab.local is the child domain.

[Screenshots: pywhisker2, pywhisker1]

ShutdownRepo commented 11 months ago

Can you explicitly specify the target domain controller (for the child domain), and try again? I would also make a bloodhound or dacledit analysis to assert 100% that you have the right to edit the msDS-KeyCredentialLink attribute, because the tool seems to return a permissions issue, which comes directly from the domain controller.

jsdhasfedssad commented 11 months ago

I actually did try targeting the child domain DC and tried checking access rights using dacledit.py before posting. Here is a screenshot of the first but I had issues using dacledit.py so I have no screenshot of that at the moment. I will try again.

[Screenshot: pywhisker3]

ShutdownRepo commented 11 months ago

Alright, then I think it's most likely your user doesn't really have the permission to do shadow creds on the target for some reason.

jsdhasfedssad commented 11 months ago

You were right. Strangely enough adlab_shadow1 did not have write access to child_domainuser1 despite the settings in ADUC...

Authenticating using adlab.local\administrator works.

ShutdownRepo commented 11 months ago

Active Directory shenanigans 🤷 Enjoy! Closing
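The check suggested in the thread (confirming that the account really holds write access to msDS-KeyCredentialLink) can also be run offline against an exported security descriptor. The following is an added example, not part of the thread or of pywhisker: it walks the DACL of an SDDL string in order and reports whether a set of trustee SIDs ends up with write-property on that attribute. The SIDs, the second attribute GUID and the SDDL strings are constructed; property sets and conditional ACEs are assumed absent and are not handled.

```python
import re

# schemaIDGUID of the msDS-KeyCredentialLink attribute
KEY_CREDENTIAL_LINK = "5b47d60f-6090-40b2-9f37-2a4de88f3063"
WRITE_BITS = 0x20 | 0x40000000 | 0x10000000  # WP, GENERIC_WRITE, GENERIC_ALL


def grants_write_prop(rights):
    """True if an SDDL rights field (hex mask or 2-letter codes) includes write-property."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & WRITE_BITS)
    return bool({"WP", "GW", "GA"} & set(re.findall("..", rights)))


def can_write_key_credential_link(sddl, trustee_sids):
    """Walk the DACL in order; the first applicable ACE for the trustee decides."""
    dacl = sddl.partition("S:")[0]  # ignore the SACL, if present
    for ace in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, flags, rights, obj_guid, _inherit_guid, sid = ace.split(";")[:6]
        if sid not in trustee_sids:
            continue  # ACE is for someone else
        if "IO" in re.findall("..", flags):
            continue  # inherit-only: listed on the object but not effective on it
        if not grants_write_prop(rights):
            continue  # ACE does not concern property writes
        if obj_guid and obj_guid.lower() != KEY_CREDENTIAL_LINK:
            continue  # object ACE scoped to a different attribute
        return ace_type in ("A", "OA")  # deny types (D, OD) end the walk with False
    return False  # no applicable ACE: access is not granted


# Constructed sample data: a user SID and a placeholder GUID for some other attribute
USER = "S-1-5-21-1111111111-2222222222-3333333333-1105"
OTHER_ATTR = "00000000-0000-0000-0000-000000000001"
SAMPLES = {
    "allow_on_attribute": f"D:(OA;;WP;{KEY_CREDENTIAL_LINK};;{USER})",
    "deny_before_allow": f"D:(OD;;WP;{KEY_CREDENTIAL_LINK};;{USER})(A;;GA;;;{USER})",
    "inherit_only_full_control": f"D:(A;CIIO;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;{USER})",
    "other_attribute_only": f"D:(OA;;WP;{OTHER_ATTR};;{USER})",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, can_write_key_credential_link(sddl, {USER}))
```

Pass every SID in the account's token (user and group SIDs) as `trustee_sids`, since an ACE for any of them applies.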