author | Lee Christensen <leechristensen@users.noreply.github.com> | 2017-04-17 15:30:06 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-17 15:30:06 -0700 |
commit | 834a80fef3f3f61c39aba4fc386d11fb69bf3b95 (patch) | |
tree | 6da8bb51292d87e6b894be7997cefe771b15188e /Recon | |
parent | bd6fe64316afe293d6b4cdf095ed3cfb64b6ab25 (diff) | |
Set explicit LDAP SecurityMask settings
Changed the LDAP SecurityMasks settings so that you can change the Owner/DACL if you only have WriteOwner/WriteDacl permissions on the object (Default SecurityMasks is "Owner, Group, Dacl")
Diffstat (limited to 'Recon')
-rwxr-xr-x | Recon/PowerView.ps1 | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 79a415c..95c136e 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -6588,6 +6588,7 @@ Set the owner of 'dfm' in the current domain to 'harmj0y' using the alternate cr
 try {
 Write-Verbose "[Set-DomainObjectOwner] Attempting to set the owner for '$Identity' to '$OwnerIdentity'"
 $Entry = $RawObject.GetDirectoryEntry()
+ $Entry.PsBase.Options.SecurityMasks = 'Owner'
 $Entry.PsBase.ObjectSecurity.SetOwner($OwnerIdentityReference)
 $Entry.PsBase.CommitChanges()
 }
@@ -7206,6 +7207,7 @@ https://social.technet.microsoft.com/Forums/windowsserver/en-US/df3bfd33-c070-4a
 ForEach ($ACE in $ACEs) {
 Write-Verbose "[Add-DomainObjectAcl] Granting principal $($PrincipalObject.distinguishedname) rights GUID '$($ACE.ObjectType)' on $($TargetObject.Properties.distinguishedname)"
 $TargetEntry = $TargetObject.GetDirectoryEntry()
+ $TargetEntry.PsBase.Options.SecurityMasks = 'Dacl'
 $TargetEntry.PsBase.ObjectSecurity.AddAccessRule($ACE)
 $TargetEntry.PsBase.CommitChanges()
 } |
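Review bot: The added `$Entry.PsBase.Options.SecurityMasks = 'Owner'` line carries no comment, so the reason for it exists only in the commit message. I would add above it `# Write back only the owner part of the security descriptor; the default mask (Owner, Group, Dacl) also submits parts that need more than WriteOwner`. The assignment presumably also has to stay ahead of the first `ObjectSecurity` access, since the mask appears to govern what is loaded as well as what is committed; that is worth saying in the same comment. The same applies to the `'Dacl'` assignment in the Add-DomainObjectAcl hunk. The `try` block opens in this hunk but its `catch` lies outside it.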
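Review bot: The mask is assigned as the bare string `'Dacl'`, which relies on PowerShell's implicit string-to-enum conversion for a property typed as System.DirectoryServices.SecurityMasks. Writing `$TargetEntry.PsBase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Dacl` makes the type explicit and easier to search for. The `'Owner'` assignment in the Set-DomainObjectOwner hunk would change the same way. The ForEach body closes inside this hunk, but the enclosing function starts and ends outside it.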