Skip to content

Instantly share code, notes, and snippets.

@jaredcatkinson

jaredcatkinson/esxadmins.cypher

Last active August 3, 2024 23:33
Show Gist options
  • Save jaredcatkinson/8a6e0b1b7b91837b7de4b6a8544ed52b to your computer and use it in GitHub Desktop.
Save jaredcatkinson/8a6e0b1b7b91837b7de4b6a8544ed52b to your computer and use it in GitHub Desktop.
Download ZIP
Find Attack Paths to the ESX ADMINS group
Raw
esxadmins.cypher
MATCH p=shortestPath((n:User{domain:'SEVENKINGDOMS.LOCAL'})-[:Owns|GenericAll|GenericWrite|WriteOwner|WriteDacl|MemberOf|ForceChangePassword|AllExtendedRights|AddMember|HasSession|Contains|GPLink|AllowedToDelegate|TrustedBy|AllowedToAct|AdminTo|CanPSRemote|ExecuteDCOM|HasSIDHistory|AddSelf|DCSync|ReadLAPSPassword|ReadGMSAPassword|DumpSMSAPassword|SQLAdmin|AddAllowedToAct|WriteSPN|AddKeyCredentialLink|SyncLAPSPassword|WriteAccountRestrictions|GoldenCert|ADCSESC1|ADCSESC3|ADCSESC4|ADCSESC5|ADCSESC6a|ADCSESC6b|ADCSESC7|ADCSESC9a|ADCSESC9b|ADCSESC10a|ADCSESC10b|ADCSESC13|DCFor*1..]->(m:Group {name:"ESX [email protected]"}))
RETURN p
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment