diff options
| author | Will <HarmJ0y@users.noreply.github.com> | 2017-04-26 14:06:25 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-04-26 14:06:25 -0700 |
| commit | cb14cf11abe0645cbc295a310a4e3af4a46bae72 (patch) | |
| tree | 6da8bb51292d87e6b894be7997cefe771b15188e | |
| parent | bd6fe64316afe293d6b4cdf095ed3cfb64b6ab25 (diff) | |
| parent | 834a80fef3f3f61c39aba4fc386d11fb69bf3b95 (diff) | |
| download | PowerSploit-cb14cf11abe0645cbc295a310a4e3af4a46bae72.tar.gz PowerSploit-cb14cf11abe0645cbc295a310a4e3af4a46bae72.zip | |
Merge pull request #231 from leechristensen/patch-4
Set explicit LDAP SecurityMasks settings
| -rwxr-xr-x | Recon/PowerView.ps1 | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1 index 79a415c..95c136e 100755 --- a/Recon/PowerView.ps1 +++ b/Recon/PowerView.ps1 @@ -6588,6 +6588,7 @@ Set the owner of 'dfm' in the current domain to 'harmj0y' using the alternate cr try { Write-Verbose "[Set-DomainObjectOwner] Attempting to set the owner for '$Identity' to '$OwnerIdentity'" $Entry = $RawObject.GetDirectoryEntry() + $Entry.PsBase.Options.SecurityMasks = 'Owner' $Entry.PsBase.ObjectSecurity.SetOwner($OwnerIdentityReference) $Entry.PsBase.CommitChanges() } @@ -7206,6 +7207,7 @@ https://social.technet.microsoft.com/Forums/windowsserver/en-US/df3bfd33-c070-4a ForEach ($ACE in $ACEs) { Write-Verbose "[Add-DomainObjectAcl] Granting principal $($PrincipalObject.distinguishedname) rights GUID '$($ACE.ObjectType)' on $($TargetObject.Properties.distinguishedname)" $TargetEntry = $TargetObject.GetDirectoryEntry() + $TargetEntry.PsBase.Options.SecurityMasks = 'Dacl' $TargetEntry.PsBase.ObjectSecurity.AddAccessRule($ACE) $TargetEntry.PsBase.CommitChanges() } |