pyGPOAbuse icon indicating copy to clipboard operation
pyGPOAbuse copied to clipboard
verified publisher icon Hackndo

Adding filters

Open alhkytran opened this issue 1 year ago • 2 comments

This pull request was created to add filters to GPOs I added the flags -FIlterUser and -FilterComputer to choose the kind of filter. Then you need to add -Samaccount and -SID to fill the user or computer info which is affected by the GPO. Other option is to use the flag -file to add more than one filters, the format of the file would be one SAMACCOUNT:SID per line.

In addition I added the flag -TV for change the Task version because is necessary to modify it with each GPO modification

An execution example would be: pygpoabuse.py DOMAIN/USER -gpo-id "GPO-ID" -powershell -command "cmd.exe /c calc.exe" -taskname "GPOAbuses" -user -dc-ip DC_IP -FilterUser -Samaccount USER_SAMACCOUNT_GPO_AFFECTED -SID USER_SID_GPO_AFFECTED -TV "1.6" -v -f

alhkytran avatar Nov 20 '24 11:11 alhkytran

This looks like a great idea but are you sure for FilterComputer that User should appear in the xml, which it does, as GPT suggests otherwise (FilterComputer) and I couldnt get it working?

Cyb3rC3lt avatar Jun 14 '25 08:06 Cyb3rC3lt

Hello, thanks for your PR. I'll try and have a look, but I'm not really maintaining this project. How confident are you in this PR regarding side effects? Thank you

Hackndo avatar Sep 19 '25 13:09 Hackndo