Play Doh Windows ACL Tools

Related tags

Utilities PDacl
Overview

PDacl

Play Doh Windows ACL Tools

相关阅读:Windows权限控制相关的防御与攻击技术

Introduction

PDAcl 是一个支持Windows活动目录扩展权限设置、Windows活动目录常规权限设置、Windows服务权限设置的命令工具。

C:\>PDAcl.exe -h
Play Doh Windows ACL Tools. - By Rvn0xsy
[@] Blog : https://payloads.online/
Usage: C:\PDAcl.exe [OPTIONS] SUBCOMMAND

Options:
  -h,--help                   Print this help message and exit

Subcommands:
  AD-ExtendRights             ActiveDirectory ExtendRights
  AD-Rights                   ActiveDirectory Rights
  Service                     Service Rights


C:\>PDAcl.exe AD-ExtendRights -h
ActiveDirectory ExtendRights
Usage: C:\PDAcl.exe AD-ExtendRights [OPTIONS]

Options:
  -h,--help                   Print this help message and exit
  -a,--add                    Add Right to Object.
  -r,--remove                 Remove ActiveDirectory ExtendedRight
  -u,--user TEXT              Username,e.g. DomainName\Rvn0xsy.
  -e,--extended-right TEXT    ActiveDirectory ExtendedRight
  -s,--server TEXT            ActiveDirectory Server LDAP Path.
  -l,--list                   List All ActiveDirectory ExtendedRights .

Usage

添加DCSync权限

PDAcl.exe AD-ExtendRights -a -u domain\user1 -e DS-Replication-Get-Changes -s DC=domain,DC=com

移除DCSync权限

PDAcl.exe AD-ExtendRights -r -u domain\user1 -e DS-Replication-Get-Changes -s DC=domain,DC=com

添加计算机修改权限

PDAcl.exe AD-Rights -a -s CN=John-PC,CN=Computers,DC=Domain,DC=com -e ADS-Right-Generic-Write -u domain\user1

添加任意用户可修改的服务权限

PDAcl.exe Service -a -s ServiceName -e Service-All-Access -u Everyone

Rights List

AD-ExtendRights

[*] Abandon-Replication
[*] Add-GUID
[*] Allocate-Rids
[*] Allowed-To-Authenticate
[*] Apply-Group-Policy
[*] Certificate-Enrollment
[*] Change-Domain-Master
[*] Change-Infrastructure-Master
[*] Change-PDC
[*] Change-Rid-Master
[*] Change-Schema-Master
[*] Create-Inbound-Forest-Trust
[*] DS-Check-Stale-Phantoms
[*] DS-Clone-Domain-Controller
[*] DS-Execute-Intentions-Script
[*] DS-Install-Replica
[*] DS-Query-Self-Quota
[*] DS-Replication-Get-Changes
[*] DS-Replication-Get-Changes-All
[*] DS-Replication-Get-Changes-In-Filtered-Set
[*] DS-Replication-Manage-Topology
[*] DS-Replication-Monitor-Topology
[*] DS-Replication-Synchronize
[*] Do-Garbage-Collection
[*] Domain-Administer-Server
[*] Enable-Per-User-Reversibly-Encrypted-Password
[*] Generate-RSoP-Logging
[*] Generate-RSoP-Planning
[*] Manage-Optional-Features
[*] Migrate-SID-History
[*] Open-Address-Book
[*] Read-Only-Replication-Secret-Synchronization
[*] Reanimate-Tombstones
[*] Recalculate-Hierarchy
[*] Recalculate-Security-Inheritance
[*] Receive-As
[*] Refresh-Group-Cache
[*] Reload-SSL-Certificate
[*] Run-Protect-Admin-Groups-Task
[*] SAM-Enumerate-Entire-Domain
[*] Send-As
[*] Send-To
[*] Unexpire-Password
[*] Update-Password-Not-Required-Bit
[*] Update-Schema-Cache
[*] User-Change-Password
[*] User-Force-Change-Password
[*] msmq-Open-Connector
[*] msmq-Peek
[*] msmq-Peek-Dead-Letter
[*] msmq-Peek-computer-Journal
[*] msmq-Receive
[*] msmq-Receive-Dead-Letter
[*] msmq-Receive-computer-Journal
[*] msmq-Receive-journal
[*] msmq-Send

AD-Rights

[*] ADS-Right-Access-System-Security
[*] ADS-Right-Actrl-Ds-List
[*] ADS-Right-Delete
[*] ADS-Right-Ds-Control-Access
[*] ADS-Right-Ds-Create-Child
[*] ADS-Right-Ds-Delete-Child
[*] ADS-Right-Ds-Delete-Tree
[*] ADS-Right-Ds-List-Object
[*] ADS-Right-Ds-Read-Prop
[*] ADS-Right-Ds-Self
[*] ADS-Right-Ds-Write-Prop
[*] ADS-Right-Generic-All
[*] ADS-Right-Generic-Execute
[*] ADS-Right-Generic-Read
[*] ADS-Right-Generic-Write
[*] ADS-Right-Red-Control
[*] ADS-Right-Synchronize
[*] ADS-Right-Write-DAC
[*] ADS-Right-Write-Owner

Service Rights

[*] Access-System-Security
[*] Delete
[*] Generic-Execute
[*] Generic-Read
[*] Generic-Write
[*] Read-Control
[*] Service-All-Access
[*] Service-Change-Config
[*] Service-Enumerate-Dependents
[*] Service-Interrogate
[*] Service-Pause-Continue
[*] Service-Query-Config
[*] Service-Query-Status
[*] Service-Start
[*] Service-Stop
[*] Service-User-Defined-Control
[*] Write-Dac
[*] Write-Owner
You might also like...
Orbit, the Open Runtime Binary Instrumentation Tool, is a standalone C/C++ profiler for Windows and Linux
Orbit, the Open Runtime Binary Instrumentation Tool, is a standalone C/C++ profiler for Windows and Linux

Orbit, the Open Runtime Binary Instrumentation Tool, is a standalone C/C++ profiler for Windows and Linux. Its main purpose is to help developers visualize the execution flow of a complex application.

Windows x64 rootkit
Windows x64 rootkit

P4tch3r Windows x64 rootkit (tested on Windows 7) It's PoC of patching NtTerminateProcess function by just overwriting instructions catching arguments

AlleyWind is an advanced Win32-based and open-sourced utility that helps you to manage system's windows
AlleyWind is an advanced Win32-based and open-sourced utility that helps you to manage system's windows

AlleyWind AlleyWind is an advanced Win32-based and open-sourced utility that helps you to manage system's windows. AlleyWind could: Displays a graphic

WinMerge is an Open Source differencing and merging tool for Windows.
WinMerge is an Open Source differencing and merging tool for Windows.

WinMerge is an Open Source differencing and merging tool for Windows. WinMerge can compare both folders and files, presenting differences in a visual text format that is easy to understand and handle.

x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code
x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code

NoPatchGuardCallback x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code Read: https://www.godeye.club/2021/05/22/00

An asynchronous directory file change watcher module for Windows, macOS and Linux wrapped for V

A V module for asynchronously watching for file changes in a directory. The module is essentially a wrapper for septag/dmon. It works for Windows, macOS and Linux.

WhyNotWin11 - Detection Script to help identify why your PC isn't Windows 11 ready
WhyNotWin11 - Detection Script to help identify why your PC isn't Windows 11 ready

Detection Script to help identify why your PC isn't Windows 11 ready

C/C++ Windows Process Injector for Educational Purposes.

ProcessInjector C/C++ Windows Process Injector for Educational Purposes. What does this software do? This is a simple process injector that uses the C

Find patterns of vulnerabilities on Windows in order to find 0-day and write exploits of 1-days. We use Microsoft security updates in order to find the patterns.
Find patterns of vulnerabilities on Windows in order to find 0-day and write exploits of 1-days. We use Microsoft security updates in order to find the patterns.

Back 2 the Future Find patterns of vulnerabilities on Windows in order to find 0-day and write exploits of 1-days. We use Microsoft security updates i

Releases(0.1)
  • 0.1(Jan 31, 2021)

    C:\>PDAcl.exe -h
    Play Doh Windows ACL Tools. - By Rvn0xsy
    [@] Blog : https://payloads.online/
    Usage: C:\PDAcl.exe [OPTIONS] SUBCOMMAND
    
    Options:
      -h,--help                   Print this help message and exit
    
    Subcommands:
      AD-ExtendRights             ActiveDirectory ExtendRights
      AD-Rights                   ActiveDirectory Rights
      Service                     Service Rights
    
    
    Source code(tar.gz)
    Source code(zip)
    PDAcl.zip(463.30 KB)
Owner
倾旋
知者不惑,仁者不忧,勇者不惧。
倾旋
A library to play Commodore 64 music

libsidplayfp ============ https://github.com/libsidplayfp/libsidplayfp libsidplayfp is a C64 music player library which integrates the reSID SID chi

null 28 Nov 21, 2022
the checkra1n set of tools targeting bare metal, Linux and Windows

Universal toolchain Low-effort cross-compiling for the masses. What's Universal toolchain? It's a collection of sysroots and shell scripts in such a w

null 66 Nov 21, 2022
A collection of tools to abuse chrome browser

A collection of tools to abuse chrome browser

batsec 266 Nov 14, 2022
This is a collection of tools for creating and manipulating BitTorrent v2 torrent files

torrent tools This is a collection of tools for creating and manipulating BitTorrent v2 torrent files. torrent-new can create hybrid torrents, but the

Arvid Norberg 9 Nov 12, 2022
Tools for analyzing and browsing Tarmac instruction traces.

Tarmac Trace Utilities Arm Tarmac Trace Utilities is a suite of tools to read, analyze and browse traces of running programs in the 'Tarmac' textual f

Arm Software 35 Oct 30, 2022
Open-CMSIS-Pack development tools - C++

CMSIS-Pack Development Tools and Libraries This repository contains the source code of command line tools and library components for processing meta i

Open-CMSIS-Pack 31 Nov 2, 2022
This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload, and more!

BSOD Survivor Tired of always telling yourself when you got a BSOD that what if I could just return to the caller function which caused the BSOD, and

Ido Westler 157 Nov 12, 2022
Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)

Perfusion On Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012, the registry key of the RpcEptMapper and DnsCache (7/2008R2 only) s

Clément Labro 397 Nov 18, 2022
CVE-­2021­-1732 Microsoft Windows 10 本地提权漏 研究及Poc/Exploit开发

CVE-2021-1732 CVE-2021-1732 Microsoft Windows 10 本地提权漏 研究及Poc/Exploit开发 受影响系统及应用版本 Windows Server, version 20H2 (Server Core Installation) Windows 10

null 74 Nov 9, 2022
Windows user-land hooks manipulation tool.

MineSweeper Windows user-land hooks manipulation tool. Highlights Supports any x64/x86 Windows DLL (actually, any x64/x86 Windows PE for that matter)

Arsenii Pustovit 128 Nov 20, 2022