# dacledit.py
This helps read/write DACLs!
This came in real handy in this tale of pentest pwnage where I had full write access to the MSOL-SYNC-ACCOUNT. I used `dacledit.py` to grant my LOWPRIV account full access to the MSOL-SYNC-ACCOUNT like so:

```
dacledit.py -action 'write' -rights 'FullControl' -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip 1.2.3.4
```

The `write` action made a backup of the DACL by default, but I still made a manual backup first just because I'm paranoid. You know what they say though, right? Two backups are better than no backups!
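
For cleanup after an engagement, or for detection, the ACE that a `write` with `FullControl` adds can be found by comparing the object's DACL before and after the change. This is an added example, not code from the original post or from dacledit.py; it assumes both security descriptors have been exported as SDDL strings, and the sample SDDL, the SID and the function names are constructed for illustration.

```python
import re

# SDDL two-letter directory-service rights and their access-mask bits.
RIGHTS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
          "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
          "WD": 0x40000, "WO": 0x80000}
FULL_CONTROL = 0xF01FF  # every bit above set: "Full control" on an AD object


def mask_of(rights):
    """Turn an SDDL rights field (hex or letter codes) into an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):
        if code == "GA":                      # generic all, treated as full control
            mask |= FULL_CONTROL
        elif code in RIGHTS:
            mask |= RIGHTS[code]
        else:
            raise ValueError(f"unsupported rights code {code!r}")
    return mask


def parse_dacl(sddl):
    """Return the DACL's ACEs as (type, flags, mask, object_guid, trustee) tuples.
    Conditional ACEs (nested parentheses) are not handled."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not dacl:
        return []
    fields = (body.split(";") for body in re.findall(r"\(([^)]*)\)", dacl.group(1)))
    return [(f[0], f[1], mask_of(f[2]), f[3], f[5]) for f in fields]


def added_aces(backup_sddl, current_sddl):
    """ACEs present in the current DACL but absent from the backup."""
    before = set(parse_dacl(backup_sddl))
    return [ace for ace in parse_dacl(current_sddl) if ace not in before]


def full_control_grants(aces):
    """Allow ACEs on the whole object (no object GUID) carrying every FullControl bit."""
    return [a for a in aces
            if a[0] == "A" and not a[3] and (a[2] & FULL_CONTROL) == FULL_CONTROL]


# Constructed sample descriptors: the backup, then the same DACL with one extra ACE.
BACKUP = "O:DAG:DAD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)"
CURRENT = BACKUP + "(A;;0xf01ff;;;S-1-5-21-1111111111-2222222222-3333333333-1105)"

if __name__ == "__main__":
    for ace in full_control_grants(added_aces(BACKUP, CURRENT)):
        print(f"new FullControl ACE for {ace[4]} (mask {ace[2]:#x})")
```

An empty result from `added_aces` after restoring the backup confirms the DACL is back to its original state.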