search

ACL With BloodHound

MATCH p=(u)-[r1]->(n) WHERE r1.isacl=true and not tolower(u.name) contains 'vagrant' and u.admincount=false and not tolower(u.name) contains 'key' RETURN p

hashtag
NewYork.local ACL

To start we will focus on the sevenkingdoms killchain of ACL by starting with Donald.Trump (password: MaKeam3ricaGr3at)

  • The path here is :

    • Donald.Trump-> hugo.Chavez: Change password user

    • hugo.Chavez-> ramon.Maldonado: Generic Write user

    • ramon.Maldonado-> nicolas.Maduro: WriteDacl on user

    • nicolas.Maduro-> RadioCity : add member on group

    • RadioCity -> EmpireState: write owner group to group

    • EmpireState -> CentralPark: write owner to group

    • CentralPark -> diego.Montenegro: Generic all on User

    • diego.Montenegro-> NYC: Generic all on Computer

PreviousHunting with bloodhoundNextForceChangePassword on User (Donald-> Hugo)

Last updated