This repository has been archived by the owner on Sep 2, 2022. It is now read-only.

Added GenericWrite edge for GPOs #79

Open

pkb1s commented Jul 30, 2019

SharpHound currently does not detect Edit Settings permissions on a GPO. However, this level of access can be used as part of an attack path.


The current version of SharpHound generates the following:

[Image: before_genericwrite]

After the changes, the graph includes 2 more users:

[Image: after_genericwrite]

I hope this helps.

Thanks

@andyrobbins

Hey @pkb1s, thanks a lot for this PR! Looks very cool and of course your recent blog post about this was very interesting as well. Here's my request before we merge this in: can you create and post a video showing the attack in action, from beginning to end? Showing the specific permissions on the GPO, setting up your dummy domain controller, serving an evil scheduled task, and showing that evil scheduled task running?


pkb1s commented Dec 19, 2019

Hi @andyrobbins, apologies for the delay. I have included the video you requested below:
https://www.youtube.com/watch?v=3QSRTUGEzEA

@andyrobbins

Excellent, thank you for making that vid, @pkb1s. Very straightforward. We are going to test a few things on our side to confirm but you should expect to see this edge start showing up in the next release.


fastlorenzo left a comment


Tested and works well for me. I implemented the same fix locally and then noticed this PR :)
