noPac.exe (sAMAccountName spoofing exploit) is written by cube0x0. I notice that he didn't mention an example command to compromise the parent domain. -dc parameter as a domain controller of the parent domain without specifying the -domain parameter, because if you specify a parent domain name with the credentials of a child domain user, an invalid credentials error occurs in the NetworkCredential class. gotham.unsafe.local by the noPac exploit and it fails our objective. So NetworkCredential.argDomain should be empty. Username and password are enough to connect to the parent DC successfully (trust relations). We can see this adding line 399.