Abusing Active Directory ACLs

Get which ACLs are assigned over user alex.morph

(Get-ACL "AD:$((Get-ADUser -Identity 'alex.morph').distinguishedname)").access | select ActiveDirectoryRights,IdentityReference

Get-ObjectAcl -Identity alex.morph -ResolveGUIDs | Foreach-Object {$_ | Add-Member -NotePropertyName Identity -NotePropertyValue (ConvertFrom-SID $_.SecurityIdentifier.value) -Force; $_}

Which ACLs do we have over domain groups,

Get-DomainGroup | Get-ObjectAcl -ResolveGUIDs | Foreach-Object {$_ | Add-Member -NotePropertyName Identity -NotePropertyValue (ConvertFrom-SID $_.SecurityIdentifier.value) -Force; $_} | Foreach-Object {if ($_.Identity -eq $("$env:UserDomain\$env:Username")) {$_}}

Same command above but for domain users,

Get-DomainUser | Get-ObjectAcl -ResolveGUIDs | Foreach-Object {$_ | Add-Member -NotePropertyName Identity -NotePropertyValue (ConvertFrom-SID $_.SecurityIdentifier.value) -Force; $_} | Foreach-Object {if ($_.Identity -eq $("$env:UserDomain\$env:Username")) {$_}}

PreviousLinux NextReadLAPSPassword

Last updated 2 years ago