Pentesting and Red Teaming Notes
  • 🖥️Pentesting and Red Teaming Cheatsheet
  • Web Application Pentesting(BlackBox)
    • SQL Injection
    • Blind SQL Injection
    • Path Traversal
    • Attacking Authentication
    • Race Conditions
    • Business Logic Vulnerabilities
    • Command Injections
    • Information disclosure
    • Access Controls
    • File upload Attacks
    • XXE
    • Server Side Request Forgery
    • Api Testing
    • noSQL
    • DOM based vulnerabilities
    • Cross Site scripting
  • Infrastructure Pentesting
    • Windows Privilege Escalation
    • Attacking Active Directory
    • File Transfers and Download
    • Pivoting(Tunneling and Port Forwarding)
    • Linux Privilege Escalation
    • Stealing NTLM hashes
    • Tricks and Tips
  • Active Directory Pentesting
    • powershell theory
    • Methodology
    • domain enumeration
    • File Transfer
    • PowerShell ADModule
    • Local Privilege Escalation
    • PowerView Commands
    • ACLs Descriptions
    • ACLs Abuse
    • ACL
    • Trusts
    • User Hunting
    • group policy
    • Mimikatz
    • BloodHound
    • LateralMovement
    • Kerberoasting
    • defense bypasses
    • Set-SPN
    • ASREProasting
    • Unconstrained Delegation
    • Constrained Delegation
    • Resource Based Constrained Delegation
    • AD CS
    • Persistance
    • Priv Esc Trusts Inside Forest
    • MSSQL Servers
    • Priv Esc Trusts Across Forest
    • Tips And Tricks
    • Service Tickets and Abuses
  • Reconnaissance
    • Web Application Reconnaissance
    • External Reconnaissance
Powered by GitBook
On this page
  • GenericWrite:
  • GenericAll:
  • WriteDacl:
  • AllExtendedRights:
  • WriteOwner:
  • Owns:
  • DCSync:
  1. Active Directory Pentesting

ACLs Descriptions

GenericWrite:

GenericWrite is a permission in an Access Control List (ACL) that allows a user or group to modify the attributes of an object. This permission typically includes the ability to write or modify data, properties, and extended attributes of the object.

GenericAll:

GenericAll is a permission in an ACL that provides complete control over an object. It encompasses all permissions, such as read, write, execute, delete, modify, and take ownership. With GenericAll, a user or group can perform any operation on the object.

WriteDacl:

WriteDacl (Write Discretionary Access Control List) is a permission in an ACL that grants a user or group the ability to modify the discretionary access control list of an object. The discretionary access control list determines which users or groups have access to the object and what level of access they have.

AllExtendedRights:

AllExtendedRights is a special notation used in an ACL to grant all available extended rights to a user or group. Extended rights are additional privileges beyond the standard permissions, providing fine-grained control over an object. Granting AllExtendedRights gives the user or group all possible extended rights for that object.

WriteOwner:

WriteOwner is a permission in an ACL that allows a user or group to change the owner of an object. The owner of an object has full control over it and can modify its permissions, including granting or revoking access to other users or groups.

Owns:

"Owns" refers to the concept of having ownership rights over an object. When a user or group owns an object, they have full control and authority over it. This includes the ability to modify permissions, control access, and change security settings associated with the object.

DCSync:

DCSync is a technique used in Microsoft Active Directory environments where an attacker with sufficient privileges impersonates a Domain Controller (DC) and requests password data replication from other DCs. This attack allows the attacker to retrieve password hashes for user accounts, which can be used for various malicious purposes, such as password cracking or unauthorized access.

PreviousPowerView CommandsNextACLs Abuse