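--- a/ansible/roles/acl/tasks/main.yml
+++ b/ansible/roles/acl/tasks/main.yml
@@ -33,6 +33,7 @@
 # https://sensepost.com/blog/2020/ace-to-rce/
 # https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/abusing-active-directory-acls-aces
 # https://adsecurity.org/?p=3658
+# https://docs.microsoft.com/en-us/previous-versions/tn-archive/ff405676(v=msdn.10)
 
 - name: set acl
 ansible.windows.win_powershell:
@@ -110,4 +111,9 @@
 to: "{{item.value.to}}"
 right: "{{item.value.right}}"
 inheritance: "{{item.value.inheritance}}"
+vars:
+ansible_become: yes
+ansible_become_method: runas
+ansible_become_user: "{{domain_username}}"
+ansible_become_password: "{{domain_password}}"
 with_dict: "{{ ad_acls }}"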
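Review bot: The added `vars:` block just before `with_dict` passes `domain_password` to `ansible_become_password`, but nothing in the visible lines shows where that variable is defined. If it sits in plain inventory or group_vars, it should come from Ansible Vault or a secret lookup instead, since this task now runs every ACL change under a domain account. A short comment above `vars:` would help the next reader, for example `# runas a domain account: the ACL change is made with domain credentials`, adjusted to the real reason. Separately, `ansible_become: yes` reads more safely as `ansible_become: true`, because `yes` is a YAML 1.1 truthy form that linters flag. The task starts outside this hunk (71 lines are skipped), so its script and other arguments are not reviewed here.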