I found AddSelf and GenericWrite but it doesn’t accept any of my answers. Can you help please? I got it. Thanks.
Uff, I don’t remember this one well; maybe you can write me a DM and refresh my memory about this one
the answer is just above your question
This module has some problems when it comes to targeted enumeration. Instead of using the * for identity you can use “GPO Management”.
PS C:\Tools> $sid = Convert-NameToSid forend
PS C:\Tools> Get-DomainObjectACL -Identity "GPO Management" -ResolveGUIDs | ? {$_.SecurityIdentifier -eq $sid}
and you have your answer in a few seconds… not hours xD
I got it. Thanks. Bloodhound only showed half the answer.
Thanks a lot, you saved me an hour of searching
A life-saver right here! Thanks!
Se-- Me–
Get-DomainObjectACL -ResolveGUIDs -Identity "GPO Management" | ? {$_.SecurityIdentifier -eq $sid} -Verbose
modify the Identity arg and sid being the sid of forend
superb
To answer the last question of ACL Enumeration: Google “addself bloodhound” and you will discover an article by “The Hacker Recipes” titled “DACL abuse”.
I made a script using PowerView.exe commands. I was able to retrieve the first right. However, the chapter encourages using both tools, so I recommend learning both of them. I just want to let you know that the script, or putting the commands straight into PowerShell, will achieve the same goals. My script did not take more than 1 or 2 minutes to show its results. I saw comments here that their commands froze or took longer to show results. It may be their internet connection or some other problem with the hackthebox machines. I just want to share that you don’t have to feel frustrated. Keep trying until you accomplish the mission.
I will post the script in a new post because I am not sure if we are allowed to share scripts like this with all of you; if not, I will delete it, but this post will still help you. My script is still tricky, but if you really read and pay attention to the question, you will find the answer right away. Just for future reference, this is not the fastest way. There are a lot of other methods that get you to the same results faster.
Here is the script! Remember to Import-Module ./PowerView.exe in order to execute these commands.
# Get ACLs for the GPO Management group
$acl = Get-ObjectAcl -SamAccountName 'GPO Management' -ResolveGUIDs
Write-Output "ACLs for GPO Management group:"
Write-Output $acl
# Filter ACL entries for the forend user
$forendAces = $acl | Where-Object { $_.IdentityReference -like 'forend' }
Write-Output "Filtered ACL entries for the forend user:"
Write-Output $forendAces
# Review the first right
$firstRight = $forendAces | Select-Object -First 1
Write-Output "First right for the forend user:"
Write-Output $firstRight
# Extract and display the ObjectAceType
$objectAceType = $firstRight.ObjectAceType
Write-Output "ObjectAceType of the first right:"
Write-Output $objectAceType
Doesn’t work for me. It ends without results.
I only need the last question; the previous one is done by BloodHound. Thanks
If anyone can help me, DM please.
You didn’t even understand why people say it takes time; it means one thing, ChatGPT is awesome…
If you read my answer and you looked at the “course” the difference is easy to spot…
And last thing, you don’t Import-Module an .exe…
ChatGPT is really great but useless if you didn’t understand the concepts studied
Hint: targeted vs enum’em all
on the GPO management group question on ObjectAceType
$sid = Convert-NametoSid forend
Get-DomainObjectACL -ResolveGUIDs -Identity * | ? {$_.SecurityIdentifier -eq $sid} -Verbose
The command does not freeze; it works, but you have to wait like 20-30 minutes
ps it is Self-Membership
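Added example, not part of any post in this thread: a defender-side review of the kind of ACE discussed above, reading a single group's DACL instead of sweeping every object. The helper name, the allowlist parameter, the EXAMPLE domain and the sample ACEs are assumptions constructed for illustration.

```powershell
# Added example, not code from the thread. The ACEs in $sample are constructed.
Add-Type -AssemblyName System.DirectoryServices

# Rights GUID of the Self-Membership validated write (shared with the 'member' attribute).
$SelfMembership = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'
# Primitive bits that allow changing the object; GenericAll and GenericWrite contain them.
$WriteBits = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, Self, WriteDacl, WriteOwner'

function Find-GroupWriteAce {               # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Ace,
        [string[]] $ExpectedTrustee = @()   # assumed allowlist of principals meant to hold write access
    )
    process {
        if ("$($Ace.AccessControlType)" -ne 'Allow') { return }
        $rights = [System.DirectoryServices.ActiveDirectoryRights]$Ace.ActiveDirectoryRights
        if (([int]$rights -band $WriteBits) -eq 0) { return }              # read-only ACE
        if ($ExpectedTrustee -contains "$($Ace.IdentityReference)") { return }
        # An empty ObjectType means the right is not limited to one attribute or validated write.
        $type = [guid]$Ace.ObjectType
        if     ($type -eq [guid]::Empty)   { $scope = 'unrestricted' }
        elseif ($type -eq $SelfMembership) { $scope = 'Self-Membership (member attribute)' }
        else                               { $scope = "other object type $type" }
        [pscustomobject]@{
            Trustee   = "$($Ace.IdentityReference)"
            Rights    = $rights
            Scope     = $scope
            Inherited = [bool]$Ace.IsInherited
        }
    }
}

# Constructed sample ACEs shaped like the .Access entries of an AD object's ACL.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\forend'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'Self'; ObjectType = $SelfMembership; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\Domain Admins'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'GenericAll'; ObjectType = [guid]::Empty; IsInherited = $true }
    [pscustomobject]@{ IdentityReference = 'NT AUTHORITY\Authenticated Users'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'GenericRead'; ObjectType = [guid]::Empty; IsInherited = $false }
)
$sample | Find-GroupWriteAce -ExpectedTrustee 'EXAMPLE\Domain Admins' | Format-Table -AutoSize

# Live use with the RSAT ActiveDirectory module (reads one object's DACL only):
# (Get-Acl "AD:\$((Get-ADGroup 'GPO Management').DistinguishedName)").Access | Find-GroupWriteAce
```

Because the mask uses the primitive write bits rather than the composite GenericWrite value, read-only entries such as GenericRead (which shares the ReadControl bit with GenericWrite) are not reported.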