docs: missing linux clean up command (SpecterOps#402)
JonasBK authored Feb 9, 2024
1 parent 8ecba58 commit d4b68d3
Showing 3 changed files with 91 additions and 3 deletions.
Expand Up @@ -120,6 +120,12 @@ const LinuxAbuse: FC<EdgeInfoProps & { targetId: string; haslaps: boolean }> = (
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>

<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body1'> Targeted Kerberoast </Typography>

<Typography variant='body2'>
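Review bot: The `dacledit.py -action 'remove' -rights 'FullControl' ...` literal added in this hunk is the same string that four of the five hunks in this file add, and the other two files in the commit repeat it again. Consider defining it once as a constant (or a small shared cleanup component) and referencing it from each section, so a later correction to the command cannot be applied in some places and missed in others.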
Expand Down Expand Up @@ -218,6 +224,11 @@ const LinuxAbuse: FC<EdgeInfoProps & { targetId: string; haslaps: boolean }> = (
<Typography variant='body2'>
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>
<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'"
}
</Typography>
<Typography variant='body1'> Retrieve LAPS Password </Typography>
<Typography variant='body2'>
Full control of a computer object is abusable when the computer's local admin account
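Review bot: The cleanup command added above the `Retrieve LAPS Password` heading uses `-target 'targetUser'`, while the section it sits in goes on to describe full control of a computer object. If the write command this cleanup reverses targets the computer, name the placeholder accordingly (for example `'targetComputer'`) so the remove step visibly refers to the same object the ACE was added to.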
Expand Down Expand Up @@ -304,6 +315,11 @@ const LinuxAbuse: FC<EdgeInfoProps & { targetId: string; haslaps: boolean }> = (
<Typography variant='body2'>
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>
<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'"
}
</Typography>
<Typography variant='body1'> Resource-Based Constrained Delegation </Typography>
<Typography variant='body2'>
First, if an attacker does not control an account with an SPN set, a new attacker-controlled
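Review bot: The closing `</Typography>` of the new block is followed directly by the `Resource-Based Constrained Delegation` heading with no blank line, here and in the previous hunk of this file, whereas the same hunks in the other two files add a blank line after it (12 resulting lines there against 11 here). Add the blank line in this file so the three copies stay line-for-line identical and the new `pre` block is separated from the next heading the same way as in the first hunk.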
Expand Down Expand Up @@ -368,14 +384,20 @@ const LinuxAbuse: FC<EdgeInfoProps & { targetId: string; haslaps: boolean }> = (

<Typography component={'pre'}>
{
"dacledit.py -action 'DCSync' -rights 'FullControl' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'"
"dacledit.py -action 'write' -rights 'DCSync' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body2'>
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>

<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'DCSync' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body1'> DCSync </Typography>

<Typography variant='body2'>
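Review bot: The placeholder `'DomainDisinguishedName'` is misspelled (the `t` in Distinguished is missing) on both the corrected write line and the new remove line in this hunk. The old line carried the same typo, and since both commands are being written here this is the place to change it to `DomainDistinguishedName`, together with the matching hunks in the other two files.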
Expand Down Expand Up @@ -433,6 +455,12 @@ const LinuxAbuse: FC<EdgeInfoProps & { targetId: string; haslaps: boolean }> = (
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>

<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body2'>
With full control of a GPO, you may make modifications to that GPO which will then apply to the
users and computers affected by the GPO. Select the target object you wish to push an evil
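Review bot: The cleanup command in this hunk keeps `-target 'targetUser'` although the paragraph that follows it is about full control of a GPO. Check which object the preceding write command names and use a placeholder that matches it, otherwise the documented cleanup points at a user while the ACE described was added to a GPO.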
Expand Up @@ -120,6 +120,12 @@ const LinuxAbuse: FC<EdgeInfoProps & { targetId: string; haslaps: boolean }> = (
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>

<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body1'> Targeted Kerberoast </Typography>

<Typography variant='body2'>
Expand Down Expand Up @@ -218,6 +224,12 @@ const LinuxAbuse: FC<EdgeInfoProps & { targetId: string; haslaps: boolean }> = (
<Typography variant='body2'>
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>
<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body1'> Retrieve LAPS Password </Typography>
<Typography variant='body2'>
Full control of a computer object is abusable when the computer's local admin account
Expand Down Expand Up @@ -304,6 +316,12 @@ const LinuxAbuse: FC<EdgeInfoProps & { targetId: string; haslaps: boolean }> = (
<Typography variant='body2'>
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>
<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body1'> Resource-Based Constrained Delegation </Typography>
<Typography variant='body2'>
First, if an attacker does not control an account with an SPN set, a new attacker-controlled
Expand Down Expand Up @@ -368,14 +386,20 @@ const LinuxAbuse: FC<EdgeInfoProps & { targetId: string; haslaps: boolean }> = (

<Typography component={'pre'}>
{
"dacledit.py -action 'DCSync' -rights 'FullControl' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'"
"dacledit.py -action 'write' -rights 'DCSync' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body2'>
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>

<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'DCSync' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body1'> DCSync </Typography>

<Typography variant='body2'>
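Review bot: The commit subject only mentions a missing clean up command, but the first command in this hunk is also corrected from `-action 'DCSync' -rights 'FullControl'` to `-action 'write' -rights 'DCSync'`. That changes what the documented write command does, so it should be called out in the commit message (or split into its own commit) to keep it findable in the history.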
Expand Down Expand Up @@ -433,6 +457,12 @@ const LinuxAbuse: FC<EdgeInfoProps & { targetId: string; haslaps: boolean }> = (
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>

<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body2'>
With full control of a GPO, you may make modifications to that GPO which will then apply to the
users and computers affected by the GPO. Select the target object you wish to push an evil
Expand Up @@ -137,6 +137,12 @@ const LinuxAbuse: FC<EdgeInfoProps & { haslaps: boolean }> = ({
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>

<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body1'> Targeted Kerberoast </Typography>

<Typography variant='body2'>
Expand Down Expand Up @@ -242,6 +248,12 @@ const LinuxAbuse: FC<EdgeInfoProps & { haslaps: boolean }> = ({
<Typography variant='body2'>
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>
<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body1'> Retrieve LAPS Password </Typography>
<Typography variant='body2'>
Full control of a computer object is abusable when the computer's local admin account
Expand Down Expand Up @@ -335,6 +347,12 @@ const LinuxAbuse: FC<EdgeInfoProps & { haslaps: boolean }> = ({
<Typography variant='body2'>
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>
<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body1'> Resource-Based Constrained Delegation </Typography>
<Typography variant='body2'>
First, if an attacker does not control an account with an SPN set, a new attacker-controlled
Expand Down Expand Up @@ -408,14 +426,20 @@ const LinuxAbuse: FC<EdgeInfoProps & { haslaps: boolean }> = ({

<Typography component={'pre'}>
{
"dacledit.py -action 'DCSync' -rights 'FullControl' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'"
"dacledit.py -action 'write' -rights 'DCSync' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body2'>
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>

<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'DCSync' -principal 'controlledUser' -target-dn 'DomainDisinguishedName' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body1'> DCSync </Typography>

<Typography variant='body2'>
Expand Down Expand Up @@ -482,6 +506,12 @@ const LinuxAbuse: FC<EdgeInfoProps & { haslaps: boolean }> = ({
Cleanup of the added ACL can be performed later on with the same tool:
</Typography>

<Typography component={'pre'}>
{
"dacledit.py -action 'remove' -rights 'FullControl' -principal 'controlledUser' -target 'targetUser' 'domain'/'controlledUser':'password'"
}
</Typography>

<Typography variant='body2'>
With full control of a GPO, you may make modifications to that GPO which will then apply to the
users and computers affected by the GPO. Select the target object you wish to push an evil
