Internal Infrastructure Pentest - Skeleton Key Attack

less than 1 minute read

  • Skeleton Key Attack: This attack is very tricky. It makes the secondary password for the same user. Many malware takes advantage of this attack to create persistence in a network. Both passwords works for the Domain Users.

  • Things Needed:
    • Domain Admin rights
    • Mimikatz
    • Control of every domain controller in a network
  • Mimikatz Commands:
    • privilege::debug
    • misc::skeleton