![](./.github/banner.png)
<p align="center">
A python script to automatically list vulnerable Windows ACEs/ACLs.
<br>
<img alt="PyPI" src="https://img.shields.io/pypi/v/abuseACL">
<img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/AetherBlack/abuseACL">
<a href="https://twitter.com/intent/follow?screen_name=san__yohan" title="Follow"><img src="https://img.shields.io/twitter/follow/san__yohan?label=AetherBlack&style=social"></a>
<br>
</p>
## Installation
You can install it from pypi (latest version is <img alt="PyPI" src="https://img.shields.io/pypi/v/abuseACL">) with this command:
```bash
sudo python3 -m pip install abuseACL
```
OR from source :
```bash
git clone https://github.com/AetherBlack/abuseACL
cd abuseACL
sudo python3 -m pip install -r requirements.txt
sudo python3 setup.py install
```
OR with pipx :
```bash
python3 -m pipx install git+https://github.com/AetherBlack/abuseACL/
```
## Examples
- You want to list vulnerable ACEs/ACLs for the current user :
```bash
abuseACL $DOMAIN/$USER:"$PASSWORD"@$TARGET
```
![](./docs/img/1.png)
- You want to list vulnerable ACEs/ACLs for another user/computer/group :
```bash
abuseACL -principal Aether $DOMAIN/$USER:"$PASSWORD"@$TARGET
```
![](./docs/img/3.png)
- You want to list vulnerable ACEs/ACLs for a list of users/computers/groups :
```bash
abuseACL -principalsfile accounts.txt $DOMAIN/$USER:"$PASSWORD"@$TARGET
```
Here is an example of `principalsfile` content:
```
Administrateur
Group
aether
Machine$
```
![](./docs/img/4.png)
- You want to list vulnerable ACEs/ACLs on Schema or on adminSDHolder :
```bash
abuseACL -extends $DOMAIN/$USER:"$PASSWORD"@$TARGET
```
![](./docs/img/2.png)
You can look in the documentation of [DACL](https://www.thehacker.recipes/a-d/movement/dacl) to find out how to exploit the rights and use [dacledit](https://github.com/ThePorgs/impacket/blob/master/examples/dacledit.py) to exploit the ACEs.
## How it works
The tool will connect to the DC's LDAP to list users/groups/computers/OU/certificate templates and their nTSecurityDescriptor, which will be parsed to check for vulnerable rights.
---
## Credits
- [@_nwodtuhs](https://twitter.com/_nwodtuhs) for the helpful [DACL](https://www.thehacker.recipes/a-d/movement/dacl) documentation
- [@fortra](https://github.com/fortra/) for developping [impacket](https://github.com/fortra/impacket)
## License
[GNU General Public License v3.0](./LICENSE)
Raw data
{
"_id": null,
"home_page": "https://github.com/AetherBlack/abuseACL",
"name": "abuseACL",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.6, <4",
"maintainer_email": "",
"keywords": "abuseACL ActiveDirectory AD",
"author": "Aether",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/21/21/cdac30bf89a85b0e4a9718000da0f5802f64101ae73d056f7e2a8d34eeb2/abuseACL-1.1.2.tar.gz",
"platform": null,
"description": "![](./.github/banner.png)\n\n<p align=\"center\">\n A python script to automatically list vulnerable Windows ACEs/ACLs.\n <br>\n <img alt=\"PyPI\" src=\"https://img.shields.io/pypi/v/abuseACL\">\n <img alt=\"GitHub release (latest by date)\" src=\"https://img.shields.io/github/v/release/AetherBlack/abuseACL\">\n <a href=\"https://twitter.com/intent/follow?screen_name=san__yohan\" title=\"Follow\"><img src=\"https://img.shields.io/twitter/follow/san__yohan?label=AetherBlack&style=social\"></a>\n <br>\n</p>\n\n## Installation\n\nYou can install it from pypi (latest version is <img alt=\"PyPI\" src=\"https://img.shields.io/pypi/v/abuseACL\">) with this command:\n\n```bash\nsudo python3 -m pip install abuseACL\n```\n\nOR from source :\n\n```bash\ngit clone https://github.com/AetherBlack/abuseACL\ncd abuseACL\nsudo python3 -m pip install -r requirements.txt\nsudo python3 setup.py install\n```\n\nOR with pipx :\n\n```bash\npython3 -m pipx install git+https://github.com/AetherBlack/abuseACL/\n```\n\n## Examples\n\n- You want to list vulnerable ACEs/ACLs for the current user :\n\n```bash\nabuseACL $DOMAIN/$USER:\"$PASSWORD\"@$TARGET\n```\n\n![](./docs/img/1.png)\n\n- You want to list vulnerable ACEs/ACLs for another user/computer/group :\n\n```bash\nabuseACL -principal Aether $DOMAIN/$USER:\"$PASSWORD\"@$TARGET\n```\n\n![](./docs/img/3.png)\n\n- You want to list vulnerable ACEs/ACLs for a list of users/computers/groups :\n\n```bash\nabuseACL -principalsfile accounts.txt $DOMAIN/$USER:\"$PASSWORD\"@$TARGET\n```\n\nHere is an example of `principalsfile` content:\n\n```\nAdministrateur\nGroup\naether\nMachine$\n```\n\n![](./docs/img/4.png)\n\n- You want to list vulnerable ACEs/ACLs on Schema or on adminSDHolder :\n\n```bash\nabuseACL -extends $DOMAIN/$USER:\"$PASSWORD\"@$TARGET\n```\n\n![](./docs/img/2.png)\n\nYou can look in the documentation of [DACL](https://www.thehacker.recipes/a-d/movement/dacl) to find out how to exploit the rights and use [dacledit](https://github.com/ThePorgs/impacket/blob/master/examples/dacledit.py) to exploit the ACEs.\n\n## How it works\n\nThe tool will connect to the DC's LDAP to list users/groups/computers/OU/certificate templates and their nTSecurityDescriptor, which will be parsed to check for vulnerable rights.\n\n---\n\n## Credits\n\n- [@_nwodtuhs](https://twitter.com/_nwodtuhs) for the helpful [DACL](https://www.thehacker.recipes/a-d/movement/dacl) documentation\n- [@fortra](https://github.com/fortra/) for developping [impacket](https://github.com/fortra/impacket)\n\n## License\n\n[GNU General Public License v3.0](./LICENSE)\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "List vulnerable ACL.",
"version": "1.1.2",
"project_urls": {
"Bug Tracker": "https://github.com/AetherBlack/abuseACL/issues",
"Homepage": "https://github.com/AetherBlack/abuseACL"
},
"split_keywords": [
"abuseacl",
"activedirectory",
"ad"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "708878efc982f89a5e5f253867e5874faf51d2c22459e3e421ebc78f7c044709",
"md5": "85100c40154ff3cd97e4643d9c196ab0",
"sha256": "3bcc7592450e290a4973c7f2f2cdd00301fcb20309808903f71cb5da6bcc18ac"
},
"downloads": -1,
"filename": "abuseACL-1.1.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "85100c40154ff3cd97e4643d9c196ab0",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6, <4",
"size": 31839,
"upload_time": "2023-12-20T09:38:22",
"upload_time_iso_8601": "2023-12-20T09:38:22.335018Z",
"url": "https://files.pythonhosted.org/packages/70/88/78efc982f89a5e5f253867e5874faf51d2c22459e3e421ebc78f7c044709/abuseACL-1.1.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "2121cdac30bf89a85b0e4a9718000da0f5802f64101ae73d056f7e2a8d34eeb2",
"md5": "76c88b81a55dc272b1edb30627ac46b6",
"sha256": "f45677be4b263bba695d84207a03c88913f7fbe1304f8d65d4e50a504790e663"
},
"downloads": -1,
"filename": "abuseACL-1.1.2.tar.gz",
"has_sig": false,
"md5_digest": "76c88b81a55dc272b1edb30627ac46b6",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6, <4",
"size": 26654,
"upload_time": "2023-12-20T09:38:23",
"upload_time_iso_8601": "2023-12-20T09:38:23.458664Z",
"url": "https://files.pythonhosted.org/packages/21/21/cdac30bf89a85b0e4a9718000da0f5802f64101ae73d056f7e2a8d34eeb2/abuseACL-1.1.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-12-20 09:38:23",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "AetherBlack",
"github_project": "abuseACL",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"lcname": "abuseacl"
}