search

fortra / impacket

Impacket is a collection of Python classes for working with network protocols.
https://www.coresecurity.com
Other
13.37k stars 3.56k forks source link

Added EditGroups.py script to add or remove a user from a specific group you have control over #1731

Open Fabrizzio53 opened 5 months ago

Fabrizzio53 commented 5 months ago

A lot of this code is from https://github.com/ThePorgs/impacket/blob/master/examples/dacledit.py, stuff like pass the hash, ldap connetions and kerberos stuff (still trying to learn how a lot of those magic thing happen lol) and some from htb.

~I'm not a coder so any modifications are more than welcome, I did this script because I saw that there was no impacket like script that modify and abuse any dacls related to Groups. (Maybe I'm wrong, anyways here is what I have)~

============================

I'm dumb lol, after reading again what I wrote I did not said what was the point of the script, after using dacledit for lets say get FullAcess, AddMember, Write , etc... you can use this script to add / remove a user from a specific group

Zamanry commented 5 months ago

Howdy! The original dacledit script originated from #1291. The initial commits there only focused on Users/Computers, but later was modified to support OU manipulation either through manual modification or use of the ‘-inheritance’ parameter. I assume this would allow manipulation of a group (i.e., another container), but better to test it. Could you try that PR out and see if this parameter also works on groups? Cheers

Fabrizzio53 commented 5 months ago

Hello, tried here with dacledit but It doesn't seem to add the user to the group

Zamanry commented 5 months ago

I see now. So this PR has nothing to do with specific DACL modification, but instead AD LDAP Group manipulation? I know it's not in the root Examples folder, but does this do what you mean? https://github.com/fortra/impacket/blob/1bc283fb8520e9f4243fa6db9515f8ad27656ff4/impacket/examples/ldap_shell.py#L286

Fabrizzio53 commented 5 months ago

Oh you are right, forgot that there is a "ldap_shell.py", I think the only difference is that a ldap_shell would need to be called from another script

Fabrizzio53 commented 4 months ago

any news regarding the status of this pr?

anadrianmanrique commented 4 months ago

@Fabrizzio53 sorry for the late response. We will be prioritzing this one for 0.13 release

Fabrizzio53 commented 4 months ago

No problem, much thanks