ACL Enumeration

PowerView Enumeration

Get the ACLs associated with the specified object (groups)

Get-ObjectAcl -SamAccountName student1 -ResolveGUIDs
Get-ObjectAcl -ADSprefix 'CN=Administrator,CN=Users' -Verbose

We can also enumerate ACLs using ActiveDirectory module but without resolving GUIDs

(Get-Acl "AD:\CN=Administrator, CN=Users, DC=dollarcorp, DC=moneycorp,DC=local").Access
Get-ObjectAcl -ADSpath "LDAP://CN=Domain Admins,CN=Users,DC=dollarcorp,DC=moneycorp,DC=local" -ResolveGUIDs -Verbose

Search for interesting ACEs

Invoke-ACLScanner -ResolveGUIDs

Get the ACLs associated with the specified path

Get-PathAcl -Path "\\dcorp-dc.dollarcorp.moneycorp.local\sysvol"

Last updated