# GenericAll

## Attacking

### How it works

The GenericAll ACL right is basically all permissions on an object. How it can be attacked depends on the object type:

#### Groups

With this permission on a group you can add anyone to the group.

{% content-ref url="add-user-to-group-todo" %}
[add-user-to-group-todo](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/acl-abuses/add-user-to-group-todo)
{% endcontent-ref %}

#### Users

With the GenericAll permission on a user you can do two things:

* Targeted kerberoast (set an SPN on the user and kerberoast it).
* Change their password (this will deny access to the user and may raise red flags).

{% content-ref url="targeted-kerberoast-todo" %}
[targeted-kerberoast-todo](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/acl-abuses/targeted-kerberoast-todo)
{% endcontent-ref %}

{% content-ref url="forcechangepassword" %}
[forcechangepassword](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/acl-abuses/forcechangepassword)
{% endcontent-ref %}

#### Computers

With GenericAll permissions on a computer object you can do two things:

* Read its LAPS password.
* Get access to the machine using Resource Based Constrained Delegation.

{% content-ref url="../laps" %}
[laps](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/laps)
{% endcontent-ref %}

{% content-ref url="../delegation-attacks/resource-based-constrained-delegation/computeraccount-takeover" %}
[computeraccount-takeover](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/delegation-attacks/resource-based-constrained-delegation/computeraccount-takeover)
{% endcontent-ref %}

#### Domain object

GenericAll on the domain object includes the DS-Replication-Get-Changes and Replication-Get-Changes-All rights, giving you the ability to execute a DCSync attack.

{% content-ref url="get-changes" %}
[get-changes](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/acl-abuses/get-changes)
{% endcontent-ref %}
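
The per-object breakdown above can also drive an audit of who holds GenericAll. The Python below is an added example, not part of the original page: it parses SDDL security descriptors, flags allow ACEs that carry the full `0xF01FF` mask with no object GUID, and labels each with the exposure listed above. The sample descriptors, SIDs, `lab.example` names and the `EXPECTED` trustee list are constructed assumptions.

```python
import re

# SDDL right codes used on AD objects and their access-mask bits.
RIGHTS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
          "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
          "WD": 0x40000, "WO": 0x80000, "GA": 0x10000000}
GENERIC_ALL = 0xF01FF  # ActiveDirectoryRights.GenericAll (full control)
# Assumption: trustees expected to hold full control; adjust per environment.
EXPECTED = {"SY", "DA", "EA", "BA"}
# Exposure per object class, as listed on this page.
IMPACT = {"group": "add members", "computer": "read LAPS password, RBCD",
          "user": "set SPN (targeted kerberoast), change password",
          "domainDNS": "replication rights (DCSync)"}

def parse_mask(rights):
    """Convert an SDDL rights field (letter codes or 0x hex) to a bit mask."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
    else:
        mask = 0
        for code in re.findall("..", rights):
            mask |= RIGHTS.get(code, 0)  # codes outside the table are ignored
    # The generic GA bit is mapped to the full object-specific mask.
    return mask | GENERIC_ALL if mask & RIGHTS["GA"] else mask

def generic_all_findings(objects):
    """Return (dn, trustee, exposure) for each unexpected GenericAll ACE."""
    findings = []
    for dn, object_class, sddl in objects:
        dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
        for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
            f = ace.split(";")  # type;flags;rights;object_guid;inherit_guid;sid
            if len(f) < 6 or f[0] not in ("A", "OA") or f[3]:
                continue  # malformed, not an allow ACE, or limited to one GUID
            if "IO" in re.findall("..", f[1]) or f[5] in EXPECTED:
                continue  # inherit-only (not effective here) or expected holder
            if (parse_mask(f[2]) & GENERIC_ALL) == GENERIC_ALL:
                findings.append((dn, f[5], IMPACT.get(object_class, "full control")))
    return findings

# Constructed sample descriptors (made-up domain SID and names).
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
FULL = "CCDCLCSWRPWPDTLOCRSDRCWDWO"  # full control spelled out as SDDL codes
SAMPLE = [
    ("DC=lab,DC=example", "domainDNS", f"O:BAG:BAD:AI(A;CI;{FULL};;;{DOM}-1104)(A;CI;GA;;;SY)S:AI(AU;SA;WD;;;WD)"),
    ("CN=alice,DC=lab,DC=example", "user", f"D:(A;;0xf01ff;;;{DOM}-1105)(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;{DOM}-1106)"),
    ("CN=Helpdesk,DC=lab,DC=example", "group", f"D:(A;CIIO;GA;;;{DOM}-1107)(A;;{FULL};;;DA)"),
    ("CN=WS01,DC=lab,DC=example", "computer", f"D:(A;CIOI;GA;;;{DOM}-1108)"),
]
print(*generic_all_findings(SAMPLE), sep="\n")
```

The `-1106` ACE is scoped to a single extended right by its object GUID and the `-1107` ACE is inherit-only, so neither is reported as GenericAll on the object itself.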

## References

{% embed url="https://bloodhound.readthedocs.io/en/latest/data-analysis/edges.html#genericall" %}


