hackervegas001
  • Introduction
  • oscp notes include Active Directory 2023
    • Active Directory
      • Enumeration
        • Traditional Approach
        • Currently Logged on Users
        • Powerview
          • Bypass AMSI
          • Domain User Enum
          • Domain Group Enumeration
          • Domain Computer and Server Enum
          • GPO and OU Enum
          • Domain Shares Enum
          • ACL Enum
        • ADRecon
        • BloodHound
      • Authentication
        • Password Hash Dumping
        • Service Account Attack Kerberoasting Attack
          • using mimikatz
          • using Rubeus
          • Using Impacket
        • AS-REP Roasting
        • Password Guessing
        • SAM for windows password
        • password/hash bruteforcing
      • Lateral Movement
        • Pass the hash
        • OverPass the hash
        • Silver Ticket Attack
        • Pass the hash attack
      • Persistence
        • Golden ticket attack
        • Domain Controller synchronization-Dumping all hashes
      • Misc
        • Login method
        • nt authority\system
    • Windows Priv Esc
      • important links
      • Enumeration
      • checking tools
        • winpeas
        • Windows exploit suggester
        • Sysinternals tools
        • Powerup
      • Escalation Path
        • UAC Bypass
        • Binary hijacking / Insecure file permissions
        • Unquoted Service path
        • kernel exploit
        • Potato attack (SEimpersonation)
          • Juicypotato
          • Printspoofer
          • JuicyPotatoNG
        • DLL/EXE Hijacking
        • Service Binary hijacking
        • Exploit msi file
    • Linux Priv Esc
      • Enumeration
      • Escalation path
        • Cron case
        • Editable /etc/passwd
        • kernel exploit
        • CP SUID
        • aria2c SUID
        • systemctl SUID
    • Commands
      • cut
      • awk
      • sed
    • Tools
      • Netcat
      • Powershell
      • Powercat
      • Nmap
      • nmblookup
      • smbclient
      • enum4linux
      • Nikto
      • Certutil (wget for windows)
      • msfvenom payload for powershell
      • iwr like wget for windows
      • ldapsearch
    • Enumeration
      • DNS Enumeration
      • Port Scanning
      • SMB Enumeration
      • NFS Enumeration
      • SMTP Enumeration
      • SNMP Enumeration
    • Web Applicaton Attacks
      • File Inclusion Vuln
      • sqli
      • misc
      • directory bruteforcing
    • files transfers
      • From Windows
      • To Windows
    • Antivirus Evasion
      • Using script in powershell
      • Using Shellter Tool
      • Veil tool
    • client side attacks
      • Exploiting Microsoft Office
        • Object Linking and Embedding
        • Macro
          • Macro Manually
          • Macro using Minitrue tool
      • Code execution via Windows Library Files
    • Port and Services
      • FTP 21
      • Pop3 110
      • smb 139 445
        • smb enumeration
          • SMB Enum
        • symlink traversal
      • SMTP 25 Enumeration
      • ssh 22
      • ms-sql 1433
      • tftp, udp port 69
      • snmp 161 udp
      • VNC PORT 5801 5901
      • UnrealIRCd IRC service
      • mysql 3306
    • Password Attacks
      • Standard Wordlist
      • Bruteforce Wordlist (Crunch)
      • Network Service Attack
        • Medusa tool
        • RDP attack using Crowbar
        • Hydra
      • Password Cracking
    • Port forwarding and Tunneling
      • Chisel (http Tunneling)
      • Port Forwarding with Rinetd tool
      • ssh Tunneling
        • Local Port Forwarding
        • Remote Port Forwarding
        • Dynamic Port Forwarding
      • Plink for windows
      • Netsh for windows
      • SShuttle
    • Misc
      • Port Scanning through script
      • Tty full interactive shell
      • rdp error
      • powershell ps1 reverse shell
      • updating wordpress cred via mysql
      • wordpress
        • updating wordpress cred via mysql
      • reverse shell via ssh
    • Powershell Empire
      • Listner, Stager and agent
      • Poweshell modules
        • selection
        • Credentials and privesc
        • lateral movement
  • 🖥️Enumeration
    • 🙂:)
      • Enumeration :)
        • FTP
          • Anonymous login
            • Default FTP Client
            • Web Browser
            • Filezilla
          • Insecure ACL (RW)
          • Dictionary Attack
        • SMB
          • SMB Null/Guest Session
            • smbmap
            • smbclient
            • impacket-smbclient
            • nmap
          • Dictionary Based Attack
            • crackmapexec
            • hydra
        • SSH
        • WinRM
        • RDP
        • SMTP
        • MYsql
        • NFS
        • SNMP
    • Exploitation
      • Windows Exploitation
      • Linux Exploitation
    • Buffer Overflow
    • Active Directory
      • Active Directory All Tools And Scripts
      • Active Directory Post Enumeration
      • Active Directory Post Exploitation
    • 🏁Writeups
      • cyberSecLabs
      • Hackthebox
        • Tjnull list
          • lame
          • brainfuck
      • Pg Play | Vulnhub
      • Pg practice
      • TryHackMe
      • To Do
Powered by GitBook
On this page
  1. oscp notes include Active Directory 2023
  2. Active Directory
  3. Enumeration
  4. Powerview

ACL Enum

PreviousDomain Shares EnumNextADRecon

Last updated 1 year ago

ACL Enum

Access Control List

#Get the ACLs associated with the specified object Get-ObjectAcl -SamAccountName student1 –ResolveGUIDs

#GenericWrite for all users > under advanced > Write all properties Get-ObjectAcl -SamAccountName * –ResolveGUIDs | ? { ($.ActiveDirectoryRights -match 'GenericWrite') -and ($.SecurityIdentifier -match 'S-1-5-21-1070240333-336889418-1185445934-1603') }

#Get ACLS with Invoke Scanner(scans the domain for all interesting abusable permissions)

Invoke-ACLScanner -ResolveGUIDs

Refrerence :-

https://medium.com/r3d-buck3t/enumerating-access-controls-in-active-directory-c06e2efa8b89