Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exchange Recipient Administrators #5

Open
SimonGurney opened this issue Nov 19, 2019 · 1 comment
Open

Exchange Recipient Administrators #5

SimonGurney opened this issue Nov 19, 2019 · 1 comment
Labels
Waiting for contributor feedback

Comments

@SimonGurney
Copy link

Running ACLight suggests "Exchange Recipient Administrators" has generic_all permissions over "Organization Admins" but it does not. Equally I don't think "Organization Admins" provides a route to domain admin.

Reviewing the results, its because (I think) because of generic_all rights on sensitive groups with the object "ms-Exch-Dynamic-Distribution-List". Is this a false positive?
@Hechtov
Copy link
Collaborator

Hechtov commented Nov 27, 2019

Hi @SimonGurney, can you share the results file with us?
Inside the folder of zBang, search for the folder of "ACLight" results, there should be csv files there. Please send it to [email protected].
Then I could see the exact path to admins that the tool discovered and share with you more insights.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Waiting for contributor feedback
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Hechtov @SimonGurney @yanivyakobovich