AD Enumeration & Attacks | Academy

I found AddSelf and GenericWrite but it doesn’t accept any of my answers. Can you help please? I got it. Thanks.

Uff don’t remember well this one, maybe you can write me DM and refresh my memorie about this one

the answer is just above your question :wink:

This module has some problems when it comes to targeted enumeration. Instead of using the * for identity you can use “GPO Management”.

PS C:\Tools> $sid = Convert-NameToSid forend
PS C:\Tools> Get-DomainObjectACL -Identity "GPO Management" -ResolveGUIDs | ? {$_.SecurityIdentifier -eq $sid}

and you have your answer in few seconds… not hours xD

4 Likes

I got it. Thanks. Bloodhound only showed half the answer.

Thanks a lot, you saved me an hour or searching

A life-saver right here! Thanks!

Se-- Me–

get-DomainObjectACL -ResolveGUIDs -Identity “GPO Management” | ? {$_.SecurityIdentifier -eq $sid} -verbose

modify the Identity arg and sid being the sid of forend

superb