# GenericWrite Exploit

## What are Generic rights?

Generic rights include GenericAll and GenericWrite, which implicitly grant particular object-specific rights. The control rights we care about are WriteDacl and WriteOwner, which allow modification of an object's DACL and owner, respectively. Since ownership of an Active Directory object implicitly grants complete control over that object, ownership modification is a valuable object takeover primitive.

## Scenario:

You have managed to compromise an account belonging to Claire. Your goal is to gain access to the Backup\_Admins group. The user `CLAIRE@HTB.LOCAL` has **generic write** access to the group `BACKUP_ADMINS@HTB.LOCAL`.

Generic Write access grants you the ability to write to any non-protected attribute on the target object, including **"members" for a group**, and "serviceprincipalnames" for a user.

![Attack Path](/files/-MQDPrmsAQfv285AP6hj)

Guided by the [*An Ace Up The Sleeve*](https://www.specterops.io/assets/resources/an_ace_up_the_sleeve.pdf) article, we can update the `BACKUP_ADMINS` object's attributes since we have the `GenericWrite` permission.

![Current Users in the Backup Admins Group](/files/-MQDQ-HUeqSL5ZveSO2P)

![Successfully Added Claire to the Backup\_Admins Group](/files/-MQDQ6iUFVAYFISX54gN)
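
From the defender's side, the same relationship can be found by auditing the group's DACL. The following is an added example, not part of the original page: it expands generic access-mask bits into the object-specific rights they imply and flags unexpected trustees who can change membership, the DACL or the owner. The ACE record layout, every trustee other than `CLAIRE@HTB.LOCAL`, and the placeholder attribute GUID are assumptions made for illustration.

```python
RIGHTS = {  # object-specific access-mask bits for directory objects
    "CreateChild": 0x1, "DeleteChild": 0x2, "ListChildren": 0x4, "Self": 0x8,
    "ReadProperty": 0x10, "WriteProperty": 0x20, "DeleteTree": 0x40,
    "ListObject": 0x80, "ExtendedRight": 0x100, "Delete": 0x10000,
    "ReadControl": 0x20000, "WriteDacl": 0x40000, "WriteOwner": 0x80000,
}
GENERIC = {  # generic bit -> object-specific rights it maps to in AD
    0x10000000: 0xF01FF,  # GenericAll
    0x20000000: 0x20004,  # GenericExecute
    0x40000000: 0x20028,  # GenericWrite = ReadControl | WriteProperty | Self
    0x80000000: 0x20094,  # GenericRead
}
MEMBER_GUID = "bf9679c0-0de6-11d0-a285-00aa003049e2"  # schemaIDGUID of 'member'

def expand(mask):
    """Replace generic bits with the object-specific rights they imply."""
    for bit, mapped in GENERIC.items():
        if mask & bit:
            mask = (mask & ~bit) | mapped
    return mask

def right_names(mask):
    return [name for name, bit in RIGHTS.items() if expand(mask) & bit]

def audit_group_acl(aces, expected_writers):
    """Return (trustee, reasons) for unexpected allow ACEs that enable takeover."""
    findings = []
    for ace in aces:
        if ace["type"] != "allow" or ace["trustee"] in expected_writers:
            continue
        mask, reasons = expand(ace["mask"]), []
        reasons += [r for r in ("WriteDacl", "WriteOwner") if mask & RIGHTS[r]]
        # An unscoped WriteProperty ACE, or one scoped to 'member', can edit membership.
        if mask & RIGHTS["WriteProperty"] and ace["object_type"] in (None, MEMBER_GUID):
            reasons.append("WriteProperty(member)")
        if reasons:
            findings.append((ace["trustee"], reasons))
    return findings

SAMPLE_ACES = [  # constructed DACL for BACKUP_ADMINS@HTB.LOCAL, not a real export
    {"trustee": "DOMAIN ADMINS@HTB.LOCAL", "type": "allow", "mask": 0x10000000, "object_type": None},
    {"trustee": "CLAIRE@HTB.LOCAL", "type": "allow", "mask": 0x40000000, "object_type": None},
    {"trustee": "HELPDESK@HTB.LOCAL", "type": "allow", "mask": 0x20,
     "object_type": "00000000-0000-0000-0000-000000000001"},  # placeholder attribute GUID
    {"trustee": "AUTHENTICATED USERS@HTB.LOCAL", "type": "allow", "mask": 0x80000000, "object_type": None},
]
if __name__ == "__main__":
    for trustee, reasons in audit_group_acl(SAMPLE_ACES, {"DOMAIN ADMINS@HTB.LOCAL"}):
        print(f"{trustee}: {', '.join(reasons)}")
```

The audit looks only at allow ACEs; deny ACEs and inheritance are not evaluated here.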


