Comments (3)
Hi @clementsbr,
I can only guess from your message that you would like to see the Invoke-ACLScanner
functionality implemented. If that's so, rejoice! I'm currently working on implementing the different PowerView ACL functionalities. You can see some of them in the get_objectacl branch.
If you use this branch for your tests and see any problems, wed' be grateful for your issues (hoping that they'll be more detailed than this one).
Cheers,
Y
from pywerview.
Essentially, using the ACL scanner to identify GPOs which have overly permissive write rules. However since get-netgpo does not return a SID and we cannot query on the GPO name/GUID I cannot validate the permissions on GPOs effectively via your python script.
from pywerview.
Hi @clementsbr,
Sorry I took so long to answer. You can check the ACL on a GPO using its name
attribute. Here's an example where I'm looking at the Default Domain Policy:
$ python3 pywerview.py get-objectacl -t srv-ad.contoso.com -u skywalker -p $PASSWORD --name '{31B2F340-016D-11D2-945F-00C04FB984F9}' --resolve-guids --resolve-sids
objectdn: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=contoso,DC=com
objectsid:
acetype: ACCESS_ALLOWED_ACE
binarysize: 36
aceflags:
accessmask: 917693
activedirectoryrights: generic_read, create_child, list_children, self, read_property, write_property, list_object,
read_control, write_dacl, write_owner
isinherited: False
securityidentifier: CN=Admins du domaine,CN=Users,DC=contoso,DC=com
iscallbak: False
objectdn: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=contoso,DC=com
objectsid:
acetype: ACCESS_ALLOWED_ACE
binarysize: 36
aceflags: container_inherit, inherit_only
accessmask: 983295
activedirectoryrights: generic_read, create_child, delete_child, list_children, self, read_property, write_property,
delete_tree, list_object, delete, read_control, write_dacl, write_owner
isinherited: False
securityidentifier: CN=Admins du domaine,CN=Users,DC=contoso,DC=com
iscallbak: False
[...]
Feel free to re-open the issue if this didn't answer your question.
Cheers,
Y
from pywerview.
Related Issues (20)
- UnicodeDecodeError in invoke-userhunter (develop branch) HOT 2
- Get-NetGroupMember does not work against "Domain Users" group HOT 5
- Any chance of adding kerberos auth? HOT 4
- LDAPSearchError HOT 3
- Return JSON objects HOT 2
- TypeError: 'NoneType' object is not iterable HOT 1
- port to Python 3 HOT 7
- Kali 2020 compatibility HOT 5
- pycrypto module requirement HOT 7
- get-objectacl HOT 1
- Get-netcomputer didn't return all the computers HOT 4
- AttributeError: 'int' object has no attribute 'hex' HOT 2
- Enumerate the state of TGT delegation HOT 3
- Filter "get-netgroup" for RIDs 1000 or higher and output related information based on that HOT 1
- TypeError: unhashable type: 'list' HOT 3
- TypeError: __init__() takes 13 positional arguments but 14 were given HOT 4
- pywerview_main_logger.LDAPRPCRequester - _do_ntlm_auth : Invalid Credentials HOT 3
- get-adserviceaccount command doesn't exist (get-netgmsa is what enumerates gMSA accounts) HOT 1
- "AttributeError: install_layout"
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pywerview.