Launching HTB CWEE: Certified Web Exploitation Expert Learn More

DACL Attacks II

mini-module tag Mini-Module

In this second module on Discretionary Access Control Lists (DACLs), we delve into sophisticated attack techniques and strategies within Windows Active Directory environments. Building on the foundation laid in DACL Attacks I, this module explores other DACL misconfigurations and their exploitation. We also introduce methods for detecting and mitigating these DACL-based attacks, equipping learners with both offensive and defensive skills crucial for safeguarding and compromising Active Directory networks.


Created by plaintextHTB

Hard Offensive


The complexity of Discretionary Access Control Lists (DACLs) in Active Directory environments offers both opportunities and challenges for security professionals. However, DACL misconfigurations are often overlooked and can serve as potent vectors for attackers, enabling various forms of privilege escalation, lateral movement, and domain compromise.

In DACL Attacks II, we build on the concepts introduced in the first module, moving into more advanced topics and attack methods. This module covers attacks from Windows and Linux environments and includes the following sections:

  • Shadow Credential Attacks
  • Logon Script Attacks
  • SPN Jacking
  • sAMAccountName Spoofing
  • Introduction to GPO
  • GPO Attacks
  • Detection and mitigation strategies for DACL Attacks

This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques that we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.

As you work through the module, you will see example commands and command output for the topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts presented in each section.

The module is classified as Hard as it assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.

A firm grasp of the following modules can be considered a prerequisite for the successful completion of this module:

Introduction to DACL Attacks II

Within the complex landscape of Windows security, understanding which types of Discretionary Access Control Lists (DACLs) can be abused is vital for both defenders and attackers. DACLs are an essential component of security descriptors, which dictate principals' permissions and access rights to system objects. This module will explore several attack techniques that exploit vulnerabilities related to DACLs, enabling students to understand better how DACL configurations can be abused.

Building on the foundational knowledge established in DACL Attacks I, this module covers more DACL abuse, continuing to explore techniques that exploit DACL misconfigurations, providing students with an understanding of how attackers leverage these vulnerabilities to compromise system security.

In this module, we will cover:

  • Shadow Credential Attacks: These techniques utilize DACLs to add alternate credentials in the msDS-KeyCredentialLink attribute in Windows Active Directory to gain control over user or computer accounts.
  • Logon Scripts: We examine how attackers can exploit DACLs governing logon scripts to execute arbitrary commands across multiple user sessions.
  • SPN Jacking: This section explores the manipulation of Service Principal Names (SPNs) enabled by improper DACL configurations, which can lead to dangerous impersonation attacks within a domain.
  • GPO Understanding and Abuse: Students will learn about the critical role of Group Policy Objects (GPOs) and how their DACL misconfigurations can lead to different attacks.
  • sAMAccountName Spoofing: This topic addresses how DACL manipulation can allow attackers to change sAMAccountName attributes, impersonating domain controllers to escalate their privileges.

Other DACL attacks that were not covered on DACL I & II are included within other modules such as Kerberos Attacks, Active Directory Enumeration and Attacks, Active Directory BloodHound, etc.

As threats evolve and new attack vectors emerge, we are committed to continuously updating this module with the latest information and techniques related to DACL attacks. This commitment ensures that our content remains relevant and provides cutting-edge knowledge to counteract emerging security challenges in cybersecurity effectively.

Coming Next

Our next step is to apply the concepts of DACL exploitation techniques through hands-on exercises. We will guide you in enumerating and abusing DACLs using Linux and Windows. This practical application will reinforce your theoretical understanding and equip you with the necessary skills to identify and mitigate DACL misconfigurations in real-world scenarios.

Sign Up / Log In to Unlock the Module

Please Sign Up or Log In to unlock the module and access the rest of the sections.