diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/Owns/LinuxAbuse.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/Owns/LinuxAbuse.tsx index 35c71baa05..c9e8afa164 100644 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/Owns/LinuxAbuse.tsx +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/Owns/LinuxAbuse.tsx @@ -120,6 +120,12 @@ const LinuxAbuse: FC = ( Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'" + } + + Targeted Kerberoast @@ -218,6 +224,11 @@ const LinuxAbuse: FC = ( Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'" + } + Retrieve LAPS Password Full control of a computer object is abusable when the computer's local admin account @@ -304,6 +315,11 @@ const LinuxAbuse: FC = ( Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'" + } + Resource-Based Constrained Delegation First, if an attacker does not control an account with an SPN set, a new attacker-controlled @@ -368,7 +384,7 @@ const LinuxAbuse: FC = ( { - "dacledit.py -action 'DCSync' -rights 'FullControl' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'" + "dacledit.py -action 'write' -rights 'DCSync' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'" } 
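Review bot: The cleanup command added in the first hunk of Owns/LinuxAbuse.tsx is pasted as a separate string literal into every cleanup section of the Owns, WriteDacl and WriteOwner files: twelve FullControl copies and three DCSync copies across this diff. A flag correction like the `-action 'write' -rights 'DCSync'` fix in this same commit then has to be repeated by hand in each place, and a missed copy leaves users with a cleanup that does not undo the grant. Consider defining the grant and remove strings once as shared constants and referencing them from the three components. The component body starts and ends outside the hunk, so where such constants would live is for the author to decide.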
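Review bot: In the second hunk of Owns/LinuxAbuse.tsx the cleanup line keeps `-target 'targetUser'`, although the context that follows ("Full control of a computer object ...") suggests this section is about a computer. The same applies to the hunk ahead of "With full control of a GPO" and to the matching hunks in the WriteDacl and WriteOwner files. The grant command this line undoes is outside the hunk, so this is inferred, but the placeholder should name the same object type and selector as the grant, for instance `-target-dn`, which the DCSync lines in this commit already use. A remove that does not match the written ACE leaves FullControl standing on the object after the assessment. A one-line comment above each cleanup string stating which grant it reverses would make a mismatch easier to spot in review.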
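Review bot: The third hunk of Owns/LinuxAbuse.tsx (`+315,11`) and the second (`+224,11`) each add five lines, while the equivalent hunks in WriteDacl and WriteOwner, and the first hunk of this file, add six. The markup is not visible in this view, so the difference is most likely a missing trailing blank line or wrapper line after the closing `}`. Please bring the two Owns sections into line with the others so the three help texts render with the same spacing.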
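Review bot: The rewritten DCSync line in the `-368,7 +384,7` hunk still carries the misspelled placeholder `'DomainDisinguishedName'`, and the new cleanup line in the following hunk copies it. The same pair appears in the WriteDacl and WriteOwner files. Since the commit already touches these lines, fix the spelling to `-target-dn 'DomainDistinguishedName'` in all six places so that the grant and remove commands stay textually identical apart from `-action`.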
@@ -376,6 +392,12 @@ const LinuxAbuse: FC = ( Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'DCSync' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'" + } + + DCSync @@ -433,6 +455,12 @@ const LinuxAbuse: FC = ( Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'" + } + + With full control of a GPO, you may make modifications to that GPO which will then apply to the users and computers affected by the GPO. Select the target object you wish to push an evil diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/WriteDacl/LinuxAbuse.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/WriteDacl/LinuxAbuse.tsx index 98fee8ad8b..47af018981 100644 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/WriteDacl/LinuxAbuse.tsx +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/WriteDacl/LinuxAbuse.tsx @@ -120,6 +120,12 @@ const LinuxAbuse: FC = ( Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'" + } + + Targeted Kerberoast @@ -218,6 +224,12 @@ const LinuxAbuse: FC = ( Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'" + } + + Retrieve LAPS Password Full control of a computer object is abusable when the computer's local admin account 
@@ -304,6 +316,12 @@ const LinuxAbuse: FC = ( Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'" + } + + Resource-Based Constrained Delegation First, if an attacker does not control an account with an SPN set, a new attacker-controlled @@ -368,7 +386,7 @@ const LinuxAbuse: FC = ( { - "dacledit.py -action 'DCSync' -rights 'FullControl' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'" + "dacledit.py -action 'write' -rights 'DCSync' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'" } @@ -376,6 +394,12 @@ const LinuxAbuse: FC = ( Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'DCSync' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'" + } + + DCSync @@ -433,6 +457,12 @@ const LinuxAbuse: FC = ( Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'" + } + + With full control of a GPO, you may make modifications to that GPO which will then apply to the users and computers affected by the GPO. Select the target object you wish to push an evil diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/WriteOwner/LinuxAbuse.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/WriteOwner/LinuxAbuse.tsx index 71f4143489..cd77a41d25 100644 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/WriteOwner/LinuxAbuse.tsx +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/WriteOwner/LinuxAbuse.tsx 
@@ -137,6 +137,12 @@ const LinuxAbuse: FC = ({ Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'" + } + + Targeted Kerberoast @@ -242,6 +248,12 @@ const LinuxAbuse: FC = ({ Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'" + } + + Retrieve LAPS Password Full control of a computer object is abusable when the computer's local admin account @@ -335,6 +347,12 @@ const LinuxAbuse: FC = ({ Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'" + } + + Resource-Based Constrained Delegation First, if an attacker does not control an account with an SPN set, a new attacker-controlled @@ -408,7 +426,7 @@ const LinuxAbuse: FC = ({ { - "dacledit.py -action 'DCSync' -rights 'FullControl' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'" + "dacledit.py -action 'write' -rights 'DCSync' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'" } @@ -416,6 +434,12 @@ const LinuxAbuse: FC = ({ Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'DCSync' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'" + } + + DCSync 
@@ -482,6 +506,12 @@ const LinuxAbuse: FC = ({ Cleanup of the added ACL can be performed later on with the same tool: + + { + "dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'" + } + + With full control of a GPO, you may make modifications to that GPO which will then apply to the users and computers affected by the GPO. Select the target object you wish to push an evil