Skip to content
/ BashGPOAbuse Public

Convenient shell script wrappers around bloodyAD, pyGPOAbuse, and impacket-dacledit to make DACL misconfigurations on GPOs slightly easier to exploit

3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kennystrawnmusic/BashGPOAbuse

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
README.md
README.md
 
 
gplink.sh
gplink.sh
 
 
localadmin.sh
localadmin.sh
 
 
revshell.sh
revshell.sh
 
 

Repository files navigation

BashGPOAbuse

Convenient shell script wrappers around bloodyAD, pyGPOAbuse, and impacket-dacledit to make DACL misconfigurations on Active Directory Group Policy Objects (GPOs) slightly easier to exploit

Components:

  • gplink.sh — uses bloodyAD to streamline the process of linking and immediately enabling GPOs from a Linux machine (it's incredibly difficult otherwise) by writing to LDAP directly
  • localadmin.sh — abuses GPOs to make your compromised user the local admin either on every machine in an OU or, if the --site parameter is applied, on every machine throughout the domain including all domain controllers
  • revshell.sh — abuses GPOs to spawn a reverse shell with TrustedInstaller privileges
  • More to come

About

Convenient shell script wrappers around bloodyAD, pyGPOAbuse, and impacket-dacledit to make DACL misconfigurations on GPOs slightly easier to exploit

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages