Open
Description
Hi,
Thank you for this tool!
I have read your presentation "How NTLM relay ruins your Exchange servers" and became interested in the attack in which you create a new OU, grant yourself GenericAll rights, enable inheritance on that, then move the Domain Controller OU into the new OU, after which you can RBCD a DC. I have tested this attack and I have a few related questions and observations.
- In the YouTube video in which you show this attack, you use a tool named SharpOU. This tool is nowhere to be found; however, I obviously found the tool in this/your repo, SharpGPO. Are they supposed to be the same? There are syntax differences. If not, where can I get the source code for SharpOU?
- In the video, when you create a new OU using SharpOU, inheritance is automatically enabled. When I create a new OU using SharpGPO, inheritance is not enabled. This prevents your attack from working. I can enable inheritance using Impacket's dacledit.py, but that, on the other hand, cannot create new OUs... How come SharpOU enables inheritance but SharpGPO does not?
- Moving the OU Domain Controller to any other OU or container seems to no longer be allowed. In Group Policy Manager the "Move" command is not shown for the Domain Controller OU, and when trying to move it using SharpGPO it seems the DC blocks that. I get the error "The server is unwilling to process the request". Is that your experience too, or am I doing something wrong?