-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GenericWrite ACL not collected on OU #38
Comments
Agree this should be collected on OUs as well if possible |
I think historically, we've resisted adding this edge because the exploitation of this primitive is very complex and relies on several factors that are hard to enumerate. Maybe its time we took another look at it, but exploitation is still very complex, relying on ability to add DNS records or new computers for example |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The ACL Processor collects GenericAll, WriteDACL and WriteOwner ACLs on all object types.
For GenericWrite and WriteProperty, it collects the ACLs only for User, Group and Computer (and to some extent GPOs):
SharpHoundCommon/src/CommonLib/Processors/ACLProcessor.cs
Lines 338 to 392 in a2cc6c1
I just stumbled upon a case where an Everyone has GenericWrite on an OU, this can be exploited as shown in the following articles:
I think this edge should also be collected on OUs. What do you think?
Thanks a lot for your great work!
The text was updated successfully, but these errors were encountered: