Practice
  • 🛤️TryHackMe Rooms
    • HackersVsHackers
    • Vulnnet - The End Game
    • Surfer
    • Corridor
    • Mustacchio
    • Wordpress: CVE-2021-29447
    • Bounty Hacker
    • Simple CTF
    • Agent Sudo
    • Lazy Admin
    • Ignite
    • Brooklynn 99
    • c4ptur3th3fl4g
    • Lian_Yu
    • Rabbit
    • Gallery
    • Overpass
    • Team
    • Easy Peasy
    • CmesS
    • Ultratech
    • Wonderland
    • Anonymous
    • GamingServer
    • Tomghost
    • ConvertMyVideo
    • DogCat
    • Blog
    • Git Happens
    • 0day
    • Road
    • Inferno
    • Opacity
    • Market Place
    • Valley CTF
    • Weasel
    • SafeZone
    • Blueprint
    • Fusion Corp
    • Quotient
    • Unbaked Pie
    • Kenobi
    • Steel Mountain
    • Alfred
    • Hack Park
    • Game Zone
    • Daily Bugle
    • Retro
    • Corp
    • Attacktive Directory
    • Vulnnet - Roasted
    • Vulnnet - Active
    • Vulnnet - Internal
    • Enterprise - Hard
    • Iron Corp - Hard
    • Ra - Hard
    • For Business Reasons
  • 📦HackTheBox
    • Linux Boxes
      • Lame
      • Shocker
      • Nibbles
      • Beep
      • Cronos
      • Nineveh
      • Sense
      • Solidstate
      • Node
      • Valentine
      • Poison
      • Sunday
      • Irked
      • FriendZone
      • Networked
      • Jarvis
      • Tabby
      • Mirai
      • Popcorn
    • Windows Boxes
      • Active
      • Forest
      • ChatterBox
      • Resolute
      • Intelligence
  • 🤖CTF's
    • CloudSEK CTFs
    • ACM Cyber - UCLA
  • ¯\_(ツ)_/¯
    • Interview Topics
  • 🪣BOF - OSCP
    • Basics
    • Spiking
    • FUZZing
    • Finding the Offset
    • Overwriting the EIP
    • Finding BAD Characters
    • Finding RIGHT Module
    • Generating Shellcode
  • 📛Active Directory
    • Basics
      • Managing AD Users
      • Managing AD Computers
      • Group Policies
      • Authentication Methods
      • Trees, Forests and Trusts
    • Enumeration Techniques
    • Initial Attack Vectors
    • Post Compromise Enumeration
    • Post Compromise Attacks
      • Token Impersonation - LM
      • Kerberoasting
      • cPassword / GPP Attack
      • URL File Attacks
      • PrintNightmare
      • Golden Ticket Attacks
      • ZeroLogon Attacks
    • Lateral Movement and Pivoting
      • File Transfers
      • Spawning Processes Remotely
      • Moving Laterally with WMI
      • Alternate Authentication Material
      • Abusing User's Behaviour
      • Port Forwarding
      • Maintaing Access
      • Pivoting
      • Cleaning Up
    • Other Resources
  • 🛡️Powershell Basics
    • Getting Started
      • Functions
  • 😁Others
    • API Security
    • Cloud Security
  • Enumeration
    • Local PrivEsc
    • Remoting
    • Persistence
    • Kerberos
Powered by GitBook
On this page
  • Trees
  • Forests
  • Trust Relationships
  1. Active Directory
  2. Basics

Trees, Forests and Trusts

PRACTICE ! PRACTICE ! PRACTICE !

PreviousAuthentication MethodsNextEnumeration Techniques

Last updated 2 years ago

So far we've discussed how to handle a Single Domain, the role of Domain Controller and how it joins Computers, Servers and Users

But these days no companies maintain thier buisness with a Single Domain, so there must be some additional needs to push them by having more than one !

Trees

Active Directory supports integrating multiple domains so that you can partition your network into units that can be managed separately

If suppose we have two domains that share the same namespace (xbersec.local ), those domains can be joined into a Tree

If our xbersec.local domain was split into two subdomains for UK and INDIA branches, we could build a tree with a root domain of xbersec.local and two subdomains called uk.xbersec.local and in.xbersec.local, each with its AD, Computers and Users

A new security group needs to be introduced when talking about trees and forests - Enterprise Admins

This group will grant a user administrative privileges over all of an enterprise's domains

  • Each domain would still have its own Domain Admins with administrator privileges over their single domains and the Enterprise Admins who can control everything in the enterprise

Forests

For example, Suppose our company continues to grow big then we'll eventually acquire another company called say MHT Inc

  • When both the companies merge, we'll probably have different domain trees for each company, each managed by its own IT department

  • The union of several trees with different namespaces into the same network is known as a Forest

Trust Relationships

Having multiple domains organised in trees and forest allows us to have a nice compartmentalised network with respect to management and resources

  • But what if, a user at uk.thm.local wants to access a shared file in one of asia.mht.local servers

  • For this to happen, domains arranged in trees and forests are joined together by trust relationships

There are two kinds of trust relationships namely

  • one-way trust relationship

  • two-way trust relationship

In a One-way trust, if Domain AAA trusts Domain BBB, this means that a user on BBB can be authorised to access resources on AAA ( which can be a fileserver for an example )

In a Two-way trust, It can be made to allow both domains to mutually authorise users from the other

  • By default, joining several domains under a tree or a forest will form a two-way trust relationship :)

📛