Attacking Domain Trusts - Cross-Forest Trust Abuse - from Linux

Hello everyone,

I would like to ask for some help with the last question in Attacking Domain Trusts - Cross-Forest Trust Abuse - from Linux.

The question goes “Log in to the ACADEMY-EA-DC03.FREIGHTLOGISTICS.LOCAL Domain Controller using the Domain Admin account password submitted for question #2 and submit the contents of the flag.txt file on the Administrator desktop.”

I cant find a way how to “Log in” into ACADEMY-EA-DC03.FREIGHTLOGISTICS.LOCAL. I have nmaped the machine to find that neither RDP nor SSH is open for connection. This submodule does not elaborate much further so I’ve also tried to look back to other submodules and cant say I’m much smarter. Only reasonable way to do so might be using evil-winrm but I couldn’t make that work either.

Thank you for the help.

Thanks to help from discord, I’ve managed to answer that question.


Full hint - command

  • FREIGHTLOGISTICS.LOCAL/sapsso@academy-ea-dc03.inlanefreight.local -target-ip