From 834a80fef3f3f61c39aba4fc386d11fb69bf3b95 Mon Sep 17 00:00:00 2001
From: Lee Christensen
Date: Mon, 17 Apr 2017 15:30:06 -0700
Subject: Set explicit LDAP SecurityMask settings

Changed the LDAP SecurityMasks settings so that you can change the Owner/DACL if you only have WriteOwner/WriteDacl permissions on the object (Default SecurityMasks is "Owner, Group, Dacl")
---
 Recon/PowerView.ps1 | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'Recon')

diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 79a415c..95c136e 100755
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -6588,6 +6588,7 @@ Set the owner of 'dfm' in the current domain to 'harmj0y' using the alternate cr
     try {
         Write-Verbose "[Set-DomainObjectOwner] Attempting to set the owner for '$Identity' to '$OwnerIdentity'"
         $Entry = $RawObject.GetDirectoryEntry()
+        $Entry.PsBase.Options.SecurityMasks = 'Owner'
         $Entry.PsBase.ObjectSecurity.SetOwner($OwnerIdentityReference)
         $Entry.PsBase.CommitChanges()
     }
@@ -7206,6 +7207,7 @@ https://social.technet.microsoft.com/Forums/windowsserver/en-US/df3bfd33-c070-4a
         ForEach ($ACE in $ACEs) {
             Write-Verbose "[Add-DomainObjectAcl] Granting principal $($PrincipalObject.distinguishedname) rights GUID '$($ACE.ObjectType)' on $($TargetObject.Properties.distinguishedname)"
             $TargetEntry = $TargetObject.GetDirectoryEntry()
+            $TargetEntry.PsBase.Options.SecurityMasks = 'Dacl'
             $TargetEntry.PsBase.ObjectSecurity.AddAccessRule($ACE)
             $TargetEntry.PsBase.CommitChanges()
         }
--
cgit v1.2.3
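Review bot: The added `SecurityMasks = 'Owner'` line in Set-DomainObjectOwner only has an effect because it sits between `GetDirectoryEntry()` and the first touch of `$Entry.PsBase.ObjectSecurity` on the following line; the hunk leaves that ordering constraint undocumented, so a later reorder would silently bring back the "access denied" behaviour the commit fixes. A comment such as `# must precede the first ObjectSecurity access: restricts the security descriptor read/write to the Owner part so WriteOwner alone is sufficient and Group/DACL are left untouched on CommitChanges` would make the intent and the constraint explicit; the second hunk in Add-DomainObjectAcl has the same shape with `'Dacl'` ahead of `AddAccessRule` and deserves the matching comment. Limiting the mask also means CommitChanges no longer rewrites the parts of the descriptor that were not requested, which is worth stating since it changes what a commit of this entry can clobber. If other ACL-modifying paths in the file use the same GetDirectoryEntry/ObjectSecurity pattern (not visible in this diff), they presumably need the same mask — confirm. Both enclosing blocks (the `try` and the `ForEach`) begin and end outside their hunks.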