https://github.com/000pp/oao

⚙️ Operating Account Operators (OAO) is a Golang tool to interact with the LDAP protocol to manage account groups, roles, ACLs/ACEs, etc...
https://github.com/000pp/oao

ace acl ad blueteam exploit golang hacking ldap operator redteam windows

Last synced: 21 days ago
JSON representation

⚙️ Operating Account Operators (OAO) is a Golang tool to interact with the LDAP protocol to manage account groups, roles, ACLs/ACEs, etc...

• Host: GitHub
• URL: https://github.com/000pp/oao
• Owner: 000pp
• License: mit
• Created: 2023-04-23T18:46:56.000Z (about 2 years ago)
• Default Branch: main
• Last Pushed: 2023-12-18T22:48:38.000Z (over 1 year ago)
• Last Synced: 2025-04-24T02:02:27.462Z (21 days ago)
• Topics: ace, acl, ad, blueteam, exploit, golang, hacking, ldap, operator, redteam, windows
• Language: Go
• Homepage: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups
• Size: 24.4 KB
• Stars: 7
• Watchers: 1
• Forks: 0
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# ⚙️ OAO (Operating Account Operators)

> ⚙️ Operating Account Operators (OAO) is a Golang tool to interact with the LDAP protocol to manage account groups, roles, ACLs/ACEs, etc...



 








    

    

    

    

    



___

### 🕵️ What is OAO?

🕵️ **OAO** is a Golang tool to interact with the LDAP protocol to manage account groups, roles, ACLs/ACEs, etc... This tool has been developed and maintened by oppsec and [mezzanine](https://github.com/march0s1as)




### ⚡ Installing / Getting started

A quick guide of how to install and use OAO.

```shell

1. go install github.com/oppsec/OAO@latest

2. OAO -u domain.local/username:password@IP -g 'Domain Admins' -m add/rem

```

You can use `go install github.com/oppsec/OAO@latest` to update the tool




### ⚙️ Pre-requisites

- [Golang](https://go.dev/dl/) installed on your machine

- An valid user on domain with LDAP access




### ✨ Features

- Interact direct with LDAP (not malicious)

- Windows shell don't required

- Extremely fast

- Low RAM and CPU usage

- Made in Golang




### ⚔️ Attack Scenario & Suggestions

First of all, we suggest you use this tool in combination with BloodHound to easily find exploitable paths. You can find a real attack scenario in our article we used another version to just add a specific user to a group with high privileges and use DSync attack to extract the Domain Admin NTLM hash.



    

    



    

    



    






### 🔨 Contributing

A quick guide of how to contribute with the project.

```shell

1. Create a fork from OAO repository

2. Download the project with git clone https://github.com/your/OAO.git

3. cd OAO/

4. Make your changes

5. Commit and make a git push

6. Open a pull request

```




### ⚠️ Warning

- The developer is not responsible for any malicious use of this tool.