Added EditGroups.py script to add or remove a user from a specific group you have control over #1731
Conversation
…groups objects in ad
Fabrizzio53
changed the title
|
Howdy! The original dacledit script originated from #1291. The initial commits there only focused on Users/Computers, but later was modified to support OU manipulation either through manual modification or use of the ‘-inheritance’ parameter. I assume this would allow manipulation of a group (i.e., another container), but better to test it. Could you try that PR out and see if this parameter also works on groups? Cheers |
|
Hello, tried here with dacledit but It doesn't seem to add the user to the group |
Fabrizzio53
changed the title
|
I see now. So this PR has nothing to do with specific DACL modification, but instead AD LDAP Group manipulation? I know it's not in the root impacket/impacket/examples/ldap_shell.py Line 286 in 1bc283f |
|
Oh you are right, forgot that there is a "ldap_shell.py", I think the only difference is that a ldap_shell would need to be called from another script |
|
any news regarding the status of this pr? |
|
@Fabrizzio53 sorry for the late response. We will be prioritzing this one for 0.13 release |
|
No problem, much thanks |
anadrianmanrique
added
in review
A lot of this code is from https://github.com/ThePorgs/impacket/blob/master/examples/dacledit.py, stuff like pass the hash, ldap connetions and kerberos stuff (still trying to learn how a lot of those magic thing happen lol) and some from htb.
I'm not a coder so any modifications are more than welcome, I did this script because I saw that there was no impacket like script that modify and abuse any dacls related to Groups. (Maybe I'm wrong, anyways here is what I have)============================
I'm dumb lol, after reading again what I wrote I did not said what was the point of the script, after using dacledit for lets say get FullAcess, AddMember, Write , etc... you can use this script to add / remove a user from a specific group