REMOTE REGISTRY BACKDOOR
This is a Domain Persistence technique
Adding our backdoor through Remote Registry of the Domain Controller
(Needs Domain Administrator Privilege)
Retrieving the local user account hash remotely from the backdoor trustee, at any time, using the persistence of the backdoor
Retrieving the machine account hash remotely from the backdoor trustee, at any time, using the persistence of the backdoor
This machine account hash from the Domain Controller can be used for a Silver Ticket attack
Creating a silver ticket to abuse "HOST" service
Creating a silver ticket to abuse "RPCSS" service
After receiving the Silver Ticket for RPCSS, WMI can be queried