Projects STRLCPY GOAD Commits 3910494a
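--- a/ansible/ad-acl.yml
+++ b/ansible/ad-acl.yml
@@ -13,3 +13,6 @@
  - { role: 'acl', tags: 'acl'}
  vars:
  ad_acls: "{{lab.domains[lab.hosts[dict_key].domain].acls}}"
+ domain: "{{lab.hosts[dict_key].domain}}"
+ domain_username: "{{domain}}\\Administrator"
+ domain_password: "{{lab.domains[domain].domain_password}}"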
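Review bot: The three added play vars put built-in domain Administrator credentials in scope for every role and task in this play rather than only the ACL step that needs them, and `domain` is a generic name that can collide with inventory or role variables of the same name. A role-prefixed name such as `acl_domain` would make the ownership and scope obvious. Where `lab.domains[domain].domain_password` is stored is not visible here; if it sits in plaintext in the lab inventory, keeping it in Ansible Vault avoids committing a domain admin password. A comment such as `# built-in domain Administrator; assumes the account has not been renamed` would document the hard-coded account name. The play header and the rest of the `vars:` block lie outside this hunk.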
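--- a/ansible/roles/acl/tasks/main.yml
+++ b/ansible/roles/acl/tasks/main.yml
@@ -33,5 +33,6 @@
 # https://sensepost.com/blog/2020/ace-to-rce/
 # https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/abusing-active-directory-acls-aces
 # https://adsecurity.org/?p=3658
+# https://docs.microsoft.com/en-us/previous-versions/tn-archive/ff405676(v=msdn.10)
 
 - name: set acl
  ansible.windows.win_powershell:
@@ -110,4 +111,9 @@
  to: "{{item.value.to}}"
  right: "{{item.value.right}}"
  inheritance: "{{item.value.inheritance}}"
+ vars:
+ ansible_become: yes
+ ansible_become_method: runas
+ ansible_become_user: "{{domain_username}}"
+ ansible_become_password: "{{domain_password}}"
  with_dict: "{{ ad_acls }}"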
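Review bot: The task-level `vars:` added at new lines 114–118 makes the role depend on `domain_username` and `domain_password`, which this commit defines only in the calling play (ansible/ad-acl.yml), so the role will fail with an undefined-variable error when included from any other playbook. Declaring both in the role's defaults or argument spec, or placing an `ansible.builtin.assert` that they are defined ahead of this task, makes that contract explicit. `ansible_become: yes` is better written `ansible_become: true` so it does not rely on YAML 1.1 truthy parsing. Because this step runs PowerShell as a domain admin through `runas`, consider `no_log: true` on it if the script's parameters or output could expose the credentials; most of the task body is in the 71 skipped lines, so that cannot be confirmed from this hunk.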