Skip to content

Latest commit

 

History

History
93 lines (62 loc) · 2.44 KB

README.md

File metadata and controls

93 lines (62 loc) · 2.44 KB

A python script to automatically list vulnerable Windows ACEs/ACLs.
PyPI GitHub release (latest by date)

Installation

You can install it from pypi (latest version is PyPI) with this command:

sudo python3 -m pip install abuseACL

OR from source :

git clone https://github.com/AetherBlack/abuseACL
cd abuseACL
sudo python3 -m pip install -r requirements.txt
sudo python3 setup.py install

OR with pipx :

python3 -m pipx install git+https://github.com/AetherBlack/abuseACL/

Examples

  • You want to list vulnerable ACEs/ACLs for the current user :
abuseACL $DOMAIN/$USER:"$PASSWORD"@$TARGET

  • You want to list vulnerable ACEs/ACLs for another user/computer/group :
abuseACL -principal Aether $DOMAIN/$USER:"$PASSWORD"@$TARGET

  • You want to list vulnerable ACEs/ACLs for a list of users/computers/groups :
abuseACL -principalsfile accounts.txt $DOMAIN/$USER:"$PASSWORD"@$TARGET

Here is an example of principalsfile content:

Administrateur
Group
aether
Machine$

  • You want to list vulnerable ACEs/ACLs on Schema or on adminSDHolder :
abuseACL -extends $DOMAIN/$USER:"$PASSWORD"@$TARGET

You can look in the documentation of DACL to find out how to exploit the rights and use dacledit to exploit the ACEs.

How it works

The tool will connect to the DC's LDAP to list users/groups/computers/OU/certificate templates and their nTSecurityDescriptor, which will be parsed to check for vulnerable rights.

Credits

License

GNU General Public License v3.0