The command "setOwner" fails with "AttributeError: 'bytes' object has no attribute 'aces'"

CravateRouge / bloodyAD

BloodyAD is an Active Directory Privilege Escalation Framework

MIT License

1.12k stars 112 forks source link

The command "setOwner" fails with "AttributeError: 'bytes' object has no attribute 'aces'" #9

Closed jsdhasfedssad closed 2 years ago

jsdhasfedssad commented 2 years ago

Yes, you guessed it :)

Either the command "setOwner" is broken or I am doing something wrong :) I am using your latest code and the account domainadmin1 is a domain administrator.

Also, how do I check who the current owner is? Both as in before exploiting this in order to be able to restore that owner afterwards and as in verifying that the owner has changed.

CravateRouge commented 2 years ago

The latest commit 4259411 should do the trick. It was not directly linked to setOwner but a formatter I added to get a pretty output of nTSecurityDescriptor.

jsdhasfedssad commented 2 years ago

Great! This now works. The SID of the old owner is outputted when changing the owner. I can use that to set the owner back to the previous one.