List vulnerable ACL.
Project description
A python script to automatically list vulnerable Windows ACEs/ACLs.
Installation
You can install it from pypi (latest version is ) with this command:
sudo python3 -m pip install abuseACL
OR from source :
git clone https://github.com/AetherBlack/abuseACL
cd abuseACL
sudo python3 -m pip install -r requirements.txt
sudo python3 setup.py install
Examples
- You want to list vulnerable ACEs/ACLs for the current user :
abuseACL CONTOSO/User:'Password'@dc01.contoso.intra
- You want to list vulnerable ACEs/ACLs for another user/computer/group :
abuseACL -principal Aether CONTOSO/User:'Password'@dc01.contoso.intra
- You want to list vulnerable ACEs/ACLs for a list of users/computers/groups :
abuseACL -principalsfile accounts.txt CONTOSO/User:'Password'@dc01.contoso.intra
Here is an example of principalsfile
content:
Administrateur
Group
aether
Machine$
You can look in the documentation of DACL to find out how to exploit the rights and use dacledit to exploit the ACEs.
How it works
The tool will connect to the DC's LDAP to list users/groups/computers/OU/certificate templates and their nTSecurityDescriptor, which will be parsed to check for vulnerable rights.
Credits
- @_nwodtuhs for the helpful DACL documentation
- @fortra for developping impacket
License
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
abuseACL-1.0.1.tar.gz
(25.5 kB
view hashes)
Built Distribution
abuseACL-1.0.1-py3-none-any.whl
(29.7 kB
view hashes)