{"id":20411045,"url":"https://github.com/zblurx/acltoolkit","last_synced_at":"2025-07-24T03:02:59.029Z","repository":{"id":65259966,"uuid":"447392926","full_name":"zblurx/acltoolkit","owner":"zblurx","description":"ACL abuse swiss-knife","archived":false,"fork":false,"pushed_at":"2023-02-03T10:27:45.000Z","size":83,"stargazers_count":117,"open_issues_count":1,"forks_count":12,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-12-27T03:09:11.799Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zblurx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-01-12T22:45:49.000Z","updated_at":"2024-10-18T08:04:53.000Z","dependencies_parsed_at":"2023-02-18T05:45:33.818Z","dependency_job_id":null,"html_url":"https://github.com/zblurx/acltoolkit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zblurx%2Facltoolkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zblurx%2Facltoolkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zblurx%2Facltoolkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zblurx%2Facltoolkit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zblurx","download_url":"https://codeload.github.com/zblurx/acltoolkit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":232333558,"owners_count":18507054,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T05:49:22.934Z","updated_at":"2025-01-03T12:11:45.454Z","avatar_url":"https://github.com/zblurx.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# acltoolkit\n\n`acltoolkit` is an ACL abuse swiss-army knife. It implements multiple ACL abuses. \n\n## Table of Contents\n\n- [acltoolkit](#acltoolkit)\n  - [Table of Contents](#table-of-contents)\n  - [Installation](#installation)\n  - [Usage](#usage)\n  - [Commands](#commands)\n    - [get-objectacl](#get-objectacl)\n    - [set-objectowner](#set-objectowner)\n    - [give-genericall](#give-genericall)\n    - [give-dcsync](#give-dcsync)\n    - [add-groupmember](#add-groupmember)\n    - [set-logonscript](#set-logonscript)\n\n## Installation\n\n```bash\npip install acltoolkit-ad\n```\n\nor\n\n```bash\ngit clone https://github.com/zblurx/acltoolkit.git\ncd acltoolkit\nmake\n```\n\n## Usage\n\n```$ acltoolkit -h\nusage: acltoolkit [-h] [-debug] [-hashes LMHASH:NTHASH] [-no-pass] [-k] [-dc-ip ip address] [-scheme ldap scheme]\n                  target {get-objectacl,set-objectowner,give-genericall,give-dcsync,add-groupmember,set-logonscript} ...\n\nACL abuse swiss-army knife\n\npositional arguments:\n  target                [[domain/]username[:password]@]\u003ctarget name or address\u003e\n  {get-objectacl,set-objectowner,give-genericall,give-dcsync,add-groupmember,set-logonscript}\n                        Action\n    get-objectacl       Get Object ACL\n    set-objectowner     Modify Object Owner\n    give-genericall     Grant an object GENERIC ALL on a targeted object\n    give-dcsync         Grant an object DCSync capabilities on the domain\n    add-groupmember     Add Member to Group\n    set-logonscript     Change Logon Sript of User\n\noptions:\n  -h, --help            show this help message and exit\n  -debug                Turn DEBUG output ON\n  -no-pass              don't ask for password (useful for -k)\n  -k                    Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME) based on target parameters. If valid credentials cannot be found, it will use the ones specified in the\n                        command line\n  -dc-ip ip address     IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter\n  -scheme ldap scheme\n\nauthentication:\n  -hashes LMHASH:NTHASH\n                        NTLM hashes, format is LMHASH:NTHASH\n```\n\n## Commands\n\n### get-objectacl\n\n```text\n$ acltoolkit get-objectacl -h\nusage: acltoolkit target get-objectacl [-h] [-object object] [-all]\n\noptions:\n  -h, --help      show this help message and exit\n  -object object  Dump ACL for \u003cobject\u003e. Parameter can be a sAMAccountName, a name, a DN or an objectSid\n  -all            List every ACE of the object, even the less-interesting ones\n```\n\nThe `get-objectacl` will take a sAMAccountName, a name, a DN or an objectSid as input with `-object` and will list Sid, Name, DN, Class, adminCount, LogonScript configured, Primary Group, Owner and DACL of it. If no parameter supplied, will list informations about the account used to authenticate.\n\n```text\n$ acltoolkit waza.local/jsmith:Password#123@192.168.56.112 get-objectacl\nSid                 : S-1-5-21-267175082-2660600898-836655089-1103\nName                : waza\\John Smith\nDN                  : CN=John Smith,CN=Users,DC=waza,DC=local\nClass               : top, person, organizationalPerson, user\nadminCount          : False\n\nLogon Script\n  scriptPath        : \\\\WAZZAAAAAA\\OCD\\test.bat\n  msTSInitialProgram: \\\\WAZZAAAAAA\\OCD\\test.bat\n\nPrimaryGroup\n  Sid               : S-1-5-21-267175082-2660600898-836655089-513\n  Name              : waza\\Domain Users\n  DN                : CN=Domain Users,OU=Builtin Groups,DC=waza,DC=local\n\n[...]\n\nOwnerGroup\n  Sid               : S-1-5-21-267175082-2660600898-836655089-512\n  Name              : waza\\Domain Admins\n\nDacl\n  ObjectSid         : S-1-1-0\n  Name              : Everyone\n  AceType           : ACCESS_ALLOWED_OBJECT_ACE\n  AccessMask        : 256\n  ADRights          : EXTENDED_RIGHTS\n  IsInherited       : False\n  ObjectAceType     : User-Change-Password\n\n[...]\n\n  ObjectSid         : S-1-5-32-544\n  Name              : BUILTIN\\Administrator\n  AceType           : ACCESS_ALLOWED_ACE\n  AccessMask        : 983485\n  ADRights          : WRITE_OWNER, WRITE_DACL, GENERIC_READ, DELETE, EXTENDED_RIGHTS, WRITE_PROPERTY, SELF, CREATE_CHILD\n  IsInherited       : True\n```\n\n### set-objectowner\n\n```text\n$ acltoolkit set-objectowner -h\nusage: acltoolkit target set-objectowner [-h] -target-sid target_sid [-owner-sid owner_sid]\n\noptions:\n  -h, --help            show this help message and exit\n  -target-sid target_sid\n                        Object Sid targeted\n  -owner-sid owner_sid  New Owner Sid\n```\n\nThe `set-objectowner` will take as input a target sid and an owner sid, and will change the owner of the target object.\n\n### give-genericall\n\n```text\n$ acltoolkit give-genericall -h\nusage: acltoolkit target give-genericall [-h] -target-sid target_sid [-granted-sid owner_sid]\n\noptions:\n  -h, --help            show this help message and exit\n  -target-sid target_sid\n                        Object Sid targeted\n  -granted-sid owner_sid\n                        Object Sid granted GENERIC_ALL\n```\n\nThe `give-genericall` will take as input a target sid and a granted sid, and will change give GENERIC_ALL DACL to the granted SID to the target object.\n\n### give-dcsync\n\n```text\n$ acltoolkit give-dcsync -h\nusage: acltoolkit target give-dcsync [-h] [-granted-sid owner_sid]\n\noptions:\n  -h, --help            show this help message and exit\n  -granted-sid owner_sid\n                        Object Sid granted DCSync capabilities\n```\n\nThe `give-dcsync` will take as input a granted sid, and will change give DCSync capabilities to the granted SID.\n\n### add-groupmember\n\n```text\n$ acltoolkit add-groupmember -h\nusage: acltoolkit target add-groupmember [-h] [-user user] -group group\n\noptions:\n  -h, --help    show this help message and exit\n  -user user    User added to a group\n  -group group  Group where the user will be added\n```\n\nThe `add-groupmember` will take as input a user sAMAccountName and a group sAMAccountName, and will add the user to the group\n\n### set-logonscript\n\n```text\n$ acltoolkit set-logonscript -h\nusage: acltoolkit target set-logonscript [-h] -target-sid target_sid -script-path script_path [-logonscript-type logonscript_type]\n\noptions:\n  -h, --help            show this help message and exit\n  -target-sid target_sid\n                        Object Sid of targeted user\n  -script-path script_path\n                        Script path to set for the targeted user\n  -logonscript-type logonscript_type\n                        Logon Script variable to change (default is scriptPath)\n```\n\nThe `set-logonscript` will take as input a target sid and a script path, and will the the Logon Script path of the targeted user to the script path specified.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzblurx%2Facltoolkit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzblurx%2Facltoolkit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzblurx%2Facltoolkit/lists"}