Genericwrite

ACE to RCE

24 July 2020 ~13 min By Justin Perdok

Acl Active Directory Powershell Genericwrite Rcm

tl;dr: In this writeup I am going to describe how to abuse a GenericWrite ACE misconfiguration in Active Directory to run arbitrary executables. During a recent assessment I found a new way to abuse Access Control Entries in a misconfigured Active Directory instance. Before jumping into the juicy bits, I’d first like to explain what these misconfigurations are, how we find them and finally how to abuse them. If you have preexisting knowledge on this topic you can jump to the section titled ‘A new way of abusing GenericWrite‘.

Acl
Active Directory
Powershell
Genericwrite
Rcm

Page 1 of 1