<p align="center">
A python script to automatically list vulnerable Windows ACEs/ACLs.
<br>
<img alt="PyPI" src="https://img.shields.io/pypi/v/abuseACL">
<img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/AetherBlack/abuseACL">
<a href="https://twitter.com/intent/follow?screen_name=san__yohan" title="Follow"><img src="https://img.shields.io/twitter/follow/san__yohan?label=AetherBlack&style=social"></a>
<br>
</p>
## Installation
You can install it from pypi (latest version is <img alt="PyPI" src="https://img.shields.io/pypi/v/abuseACL">) with this command:
```bash
sudo python3 -m pip install abuseACL
```
OR from source :
```bash
git clone https://github.com/AetherBlack/abuseACL
cd abuseACL
sudo python3 -m pip install -r requirements.txt
sudo python3 setup.py install
```
OR with pipx :
```bash
python3 -m pipx install git+https://github.com/AetherBlack/abuseACL/
```
## Examples
- You want to list vulnerable ACEs/ACLs for the current user :
```bash
abuseACL $DOMAIN/$USER:"$PASSWORD"@$TARGET
```
- You want to list vulnerable ACEs/ACLs for another user/computer/group :
```bash
abuseACL -principal Aether $DOMAIN/$USER:"$PASSWORD"@$TARGET
```
- You want to list vulnerable ACEs/ACLs for a list of users/computers/groups :
```bash
abuseACL -principalsfile accounts.txt $DOMAIN/$USER:"$PASSWORD"@$TARGET
```
Here is an example of `principalsfile` content:
```
Administrateur
Group
aether
Machine$
```
- You want to list vulnerable ACEs/ACLs on Schema or on adminSDHolder :
```bash
abuseACL -extends $DOMAIN/$USER:"$PASSWORD"@$TARGET
```
You can look in the documentation of [DACL](https://www.thehacker.recipes/a-d/movement/dacl) to find out how to exploit the rights and use [dacledit](https://github.com/ThePorgs/impacket/blob/master/examples/dacledit.py) to exploit the ACEs.
## How it works
The tool will connect to the DC's LDAP to list users/groups/computers/OU/certificate templates and their nTSecurityDescriptor, which will be parsed to check for vulnerable rights.
---
## Credits
- [@_nwodtuhs](https://twitter.com/_nwodtuhs) for the helpful [DACL](https://www.thehacker.recipes/a-d/movement/dacl) documentation
- [@fortra](https://github.com/fortra/) for developping [impacket](https://github.com/fortra/impacket)
## License
[GNU General Public License v3.0](./LICENSE)
Raw data
{
"_id": null,
"home_page": "https://github.com/AetherBlack/abuseACL",
"name": "abuseACL",
"maintainer": null,
"docs_url": null,
"requires_python": "<4,>=3.6",
"maintainer_email": null,
"keywords": "abuseACL ActiveDirectory AD",
"author": "Aether",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/04/f4/adeccb7e29a78c882f0e7ab2cbf7cae5b58405d3a1e87e4ba4b1435421f0/abuseacl-1.2.0.tar.gz",
"platform": null,
"description": "\n\n<p align=\"center\">\n A python script to automatically list vulnerable Windows ACEs/ACLs.\n <br>\n <img alt=\"PyPI\" src=\"https://img.shields.io/pypi/v/abuseACL\">\n <img alt=\"GitHub release (latest by date)\" src=\"https://img.shields.io/github/v/release/AetherBlack/abuseACL\">\n <a href=\"https://twitter.com/intent/follow?screen_name=san__yohan\" title=\"Follow\"><img src=\"https://img.shields.io/twitter/follow/san__yohan?label=AetherBlack&style=social\"></a>\n <br>\n</p>\n\n## Installation\n\nYou can install it from pypi (latest version is <img alt=\"PyPI\" src=\"https://img.shields.io/pypi/v/abuseACL\">) with this command:\n\n```bash\nsudo python3 -m pip install abuseACL\n```\n\nOR from source :\n\n```bash\ngit clone https://github.com/AetherBlack/abuseACL\ncd abuseACL\nsudo python3 -m pip install -r requirements.txt\nsudo python3 setup.py install\n```\n\nOR with pipx :\n\n```bash\npython3 -m pipx install git+https://github.com/AetherBlack/abuseACL/\n```\n\n## Examples\n\n- You want to list vulnerable ACEs/ACLs for the current user :\n\n```bash\nabuseACL $DOMAIN/$USER:\"$PASSWORD\"@$TARGET\n```\n\n\n\n- You want to list vulnerable ACEs/ACLs for another user/computer/group :\n\n```bash\nabuseACL -principal Aether $DOMAIN/$USER:\"$PASSWORD\"@$TARGET\n```\n\n\n\n- You want to list vulnerable ACEs/ACLs for a list of users/computers/groups :\n\n```bash\nabuseACL -principalsfile accounts.txt $DOMAIN/$USER:\"$PASSWORD\"@$TARGET\n```\n\nHere is an example of `principalsfile` content:\n\n```\nAdministrateur\nGroup\naether\nMachine$\n```\n\n\n\n- You want to list vulnerable ACEs/ACLs on Schema or on adminSDHolder :\n\n```bash\nabuseACL -extends $DOMAIN/$USER:\"$PASSWORD\"@$TARGET\n```\n\n\n\nYou can look in the documentation of [DACL](https://www.thehacker.recipes/a-d/movement/dacl) to find out how to exploit the rights and use [dacledit](https://github.com/ThePorgs/impacket/blob/master/examples/dacledit.py) to exploit the ACEs.\n\n## How it works\n\nThe tool will connect to the DC's LDAP to list users/groups/computers/OU/certificate templates and their nTSecurityDescriptor, which will be parsed to check for vulnerable rights.\n\n---\n\n## Credits\n\n- [@_nwodtuhs](https://twitter.com/_nwodtuhs) for the helpful [DACL](https://www.thehacker.recipes/a-d/movement/dacl) documentation\n- [@fortra](https://github.com/fortra/) for developping [impacket](https://github.com/fortra/impacket)\n\n## License\n\n[GNU General Public License v3.0](./LICENSE)\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "List vulnerable ACL.",
"version": "1.2.0",
"project_urls": {
"Bug Tracker": "https://github.com/AetherBlack/abuseACL/issues",
"Homepage": "https://github.com/AetherBlack/abuseACL"
},
"split_keywords": [
"abuseacl",
"activedirectory",
"ad"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "a6a7106c708efda11f2c9d531c3a8a44ebc7ed225e07613b3dca866bc892d158",
"md5": "4864681db772f16f1aa0ff190301bf7a",
"sha256": "68c0244d3f2af926e48399847a0922a94f4362edce6b0f89a941a8896998875a"
},
"downloads": -1,
"filename": "abuseACL-1.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "4864681db772f16f1aa0ff190301bf7a",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4,>=3.6",
"size": 32244,
"upload_time": "2024-12-06T12:57:57",
"upload_time_iso_8601": "2024-12-06T12:57:57.538597Z",
"url": "https://files.pythonhosted.org/packages/a6/a7/106c708efda11f2c9d531c3a8a44ebc7ed225e07613b3dca866bc892d158/abuseACL-1.2.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "04f4adeccb7e29a78c882f0e7ab2cbf7cae5b58405d3a1e87e4ba4b1435421f0",
"md5": "4c26bade0e5c7fbaa93f35c81963dd4f",
"sha256": "2ede8976195218dc3a5a9ae23a6a4a94350cc87c74d8085c068b5d44e89ba6b7"
},
"downloads": -1,
"filename": "abuseacl-1.2.0.tar.gz",
"has_sig": false,
"md5_digest": "4c26bade0e5c7fbaa93f35c81963dd4f",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4,>=3.6",
"size": 27156,
"upload_time": "2024-12-06T12:57:59",
"upload_time_iso_8601": "2024-12-06T12:57:59.095595Z",
"url": "https://files.pythonhosted.org/packages/04/f4/adeccb7e29a78c882f0e7ab2cbf7cae5b58405d3a1e87e4ba4b1435421f0/abuseacl-1.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-12-06 12:57:59",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "AetherBlack",
"github_project": "abuseACL",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "impacket",
"specs": []
},
{
"name": "colorama",
"specs": []
},
{
"name": "pycryptodome",
"specs": []
}
],
"lcname": "abuseacl"
}
JSON
