Suggestion for abusing intra-realm and inter-realm attacks using pre2k
Hi,
Thank you for this tool!
I have a suggestion. I tested your tool in a parent-child (intra-realm) trust abuse scenario and in a bidirectional forest (inter-realm) trust abuse scenario. Basically I am trying to attack the parent/target domain or the target forest by executing the auth command using credentials from the related child/source domain or from the related source forest. This fails.
This is not very surprising since your tool uses the domain entered using the -d flag as both the domain for the authentication and for knowing which domain to attack. There is no way to enter a domain for authentication only.
Could this tool be updated to support the above scenarios? Perhaps keep the functionality of the current -d flag but add support for authentication the way Impacket does it, i.e. `[domain]/[username]:[password]`, and of course the corresponding NT hash, AES keys and Kerberos authentication?
Thanks!
Hey @jsdhasfedssad thanks for the suggestion. Will look into this soon and it shouldn't be hard to adjust the base_dn for the initial query and then set the target domain for the spray afterwards. I don't think I'll be adjusting the authentication syntax at this time though.
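To make the maintainer's point concrete, here is an added Python sketch (not pre2k's code, and not from either participant) of the separation described above: the credential's domain is used only for the bind, while the base DN for the initial LDAP query is derived from the target domain. It also includes a defender-side audit helper that flags computer accounts with PASSWD_NOTREQD set in userAccountControl, on the assumption that this is the population pre2k enumerates; the credential string format, function names, and the sample directory entries are constructed for this example, and no directory connection is made.

```python
import re
from dataclasses import dataclass

# Flag bits from the Active Directory userAccountControl attribute
# (documented values; PASSWD_NOTREQD is what a "pre-Windows 2000" computer
# account typically carries).
PASSWD_NOTREQD = 0x0020
WORKSTATION_TRUST_ACCOUNT = 0x1000


@dataclass(frozen=True)
class CredentialSpec:
    auth_domain: str   # realm the bind is performed against
    username: str
    secret: str        # password (or, in a real tool, a hash/AES key reference)


# Hypothetical Impacket-style "[domain]/[username]:[password]" parser.
CRED_RE = re.compile(r"^(?P<domain>[^/\\]+)[/\\](?P<user>[^:]+)(?::(?P<secret>.*))?$")


def parse_impacket_target(spec: str) -> CredentialSpec:
    """Split 'child.corp.local/alice:Passw0rd' into its three parts."""
    m = CRED_RE.match(spec)
    if not m:
        raise ValueError(f"credential spec not in domain/user[:secret] form: {spec!r}")
    return CredentialSpec(m["domain"].upper(), m["user"], m["secret"] or "")


def base_dn_for(domain: str) -> str:
    """'corp.local' -> 'DC=corp,DC=local' (search base for the target realm)."""
    labels = [label for label in domain.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"DC={label}" for label in labels)


def plan_cross_realm_query(cred_spec: str, target_domain: str) -> dict:
    """Keep the bind realm (from the credential) separate from the search realm
    (from the target domain), which is exactly what a single -d flag conflates."""
    cred = parse_impacket_target(cred_spec)
    return {
        "bind_domain": cred.auth_domain,
        "bind_user": cred.username,
        "search_base": base_dn_for(target_domain),
        "target_domain": target_domain.upper(),
    }


def find_pre2k_candidates(entries: list) -> list:
    """Defender-side audit: return sAMAccountNames of computer accounts whose
    userAccountControl has both WORKSTATION_TRUST_ACCOUNT and PASSWD_NOTREQD set.
    These are the accounts an administrator should reset or remove."""
    flagged = []
    for entry in entries:
        uac = int(entry.get("userAccountControl", 0))
        if uac & WORKSTATION_TRUST_ACCOUNT and uac & PASSWD_NOTREQD:
            flagged.append(entry["sAMAccountName"])
    return flagged


# Constructed sample LDAP results (not real directory data):
# 4096 = workstation account; 4128 = workstation + PASSWD_NOTREQD;
# 544 = normal user account + PASSWD_NOTREQD (not a computer, so not flagged).
SAMPLE_ENTRIES = [
    {"sAMAccountName": "WS01$", "userAccountControl": 4096},
    {"sAMAccountName": "LEGACY02$", "userAccountControl": 4128},
    {"sAMAccountName": "svc_backup", "userAccountControl": 544},
]

if __name__ == "__main__":
    print(plan_cross_realm_query("child.corp.local/alice:Passw0rd", "corp.local"))
    print("accounts to remediate:", find_pre2k_candidates(SAMPLE_ENTRIES))
```

The audit helper is the part worth reusing on the blue-team side: run the same userAccountControl check over each trusted domain's computer objects and reset or delete whatever it flags, since those accounts remain reachable across the trust regardless of which realm the credential came from.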