Open Fabrizzio53 opened 5 months ago
Howdy! The original dacledit script originated from #1291. The initial commits there only focused on Users/Computers, but it was later modified to support OU manipulation either through manual modification or use of the ‘-inheritance’ parameter. I assume this would allow manipulation of a group (i.e., another container), but better to test it. Could you try that PR out and see if this parameter also works on groups? Cheers
Hello, tried here with dacledit but it doesn't seem to add the user to the group.
I see now. So this PR has nothing to do with specific DACL modification, but instead AD LDAP Group manipulation? I know it's not in the root Examples folder, but does this do what you mean? https://github.com/fortra/impacket/blob/1bc283fb8520e9f4243fa6db9515f8ad27656ff4/impacket/examples/ldap_shell.py#L286
Oh you are right, forgot that there is a "ldap_shell.py". I think the only difference is that ldap_shell would need to be called from another script.
Any news regarding the status of this PR?
@Fabrizzio53 sorry for the late response. We will be prioritizing this one for the 0.13 release.
No problem, much thanks
A lot of this code is from https://github.com/ThePorgs/impacket/blob/master/examples/dacledit.py, stuff like pass the hash, LDAP connections and Kerberos stuff (still trying to learn how a lot of those magic things happen lol) and some from HTB.
~I'm not a coder so any modifications are more than welcome. I did this script because I saw that there was no Impacket-like script that modifies and abuses any DACLs related to Groups. (Maybe I'm wrong, anyways here is what I have)~
============================
I'm dumb lol, after reading again what I wrote I did not say what the point of the script was. After using dacledit to, let's say, get FullAccess, AddMember, Write, etc., you can use this script to add / remove a user from a specific group.