Internal Infrastructure Pentest - Skeleton Key Attack
-
Skeleton Key Attack: This attack is very tricky. It makes the secondary password for the same user. Many malware takes advantage of this attack to create persistence in a network. Both passwords works for the Domain Users.
- Things Needed:
- Domain Admin rights
- Mimikatz
- Control of every domain controller in a network
- Mimikatz Commands:
- privilege::debug
- misc::skeleton