A python script to automatically list vulnerable Windows ACEs/ACLs.

Installation

You can install it from pypi (latest version is ) with this command:

sudo python3 -m pip install abuseACL

OR from source :

git clone https://github.com/AetherBlack/abuseACL
cd abuseACL
sudo python3 -m pip install -r requirements.txt
sudo python3 setup.py install

OR with pipx :

python3 -m pipx install git+https://github.com/AetherBlack/abuseACL/

Examples

• You want to list vulnerable ACEs/ACLs for the current user :

abuseACL $DOMAIN/$USER:"$PASSWORD"@$TARGET

• You want to list vulnerable ACEs/ACLs for another user/computer/group :

abuseACL -principal Aether $DOMAIN/$USER:"$PASSWORD"@$TARGET

• You want to list vulnerable ACEs/ACLs for a list of users/computers/groups :

abuseACL -principalsfile accounts.txt $DOMAIN/$USER:"$PASSWORD"@$TARGET

Here is an example of principalsfile content:

Administrateur
Group
aether
Machine$

• You want to list vulnerable ACEs/ACLs on Schema or on adminSDHolder :

abuseACL -extends $DOMAIN/$USER:"$PASSWORD"@$TARGET

You can look in the documentation of DACL to find out how to exploit the rights and use dacledit to exploit the ACEs.

How it works

The tool will connect to the DC's LDAP to list users/groups/computers/OU/certificate templates and their nTSecurityDescriptor, which will be parsed to check for vulnerable rights.

---

Credits

• @_nwodtuhs for the helpful DACL documentation
• @fortra for developping impacket

License

GNU General Public License v3.0