OAO (Operating Account Operators)
⚙️ Operating Account Operators (OAO) is a Golang tool that interacts with the LDAP protocol to manage account groups, roles, ACLs/ACEs, etc.
What is OAO?
Installing / Getting started
A quick guide on how to install and use OAO.
1. go install github.com/oppsec/OAO@latest
2. OAO -u domain.local/username:password@IP -g 'Domain Admins' -m add/rem
You can use go install github.com/oppsec/OAO@latest to update the tool.
- Golang installed on your machine
- A valid user on the domain with LDAP access
- Interacts directly with LDAP (not malicious)
- Windows shell not required
- Extremely fast
- Low RAM and CPU usage
- Made in Golang
Attack Scenario & Suggestions
First of all, we suggest using this tool in combination with BloodHound to easily find exploitable paths. You can find a real attack scenario in our article, where we used another version to add a specific user to a high-privilege group and then used a DCSync attack to extract the Domain Admin NTLM hash.
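From the defender's side, the scenario above leaves two traces in the Windows Security log: a group-membership addition (event 4728, 4732 or 4756) followed by a directory replication request (event 4662) from the newly added account. The sketch below is an added example, not part of OAO; the Event struct, the group watchlist and the sample events are constructed assumptions, and it presumes the relevant auditing is enabled on the domain controllers.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Event is a simplified, constructed view of a Windows Security log record.
type Event struct {
	Time   time.Time
	ID     int    // 4728/4732/4756: member added to a group; 4662: directory object access
	Actor  string // account that performed the operation
	Member string // account that was added (group events only)
	Object string // group name, or the access-right GUIDs of a 4662 event
}
// GUID of DS-Replication-Get-Changes-All, the right a DCSync request exercises.
const replGetChangesAll = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
// Watchlist of high-privilege groups (assumed; extend for your domain).
var privileged = map[string]bool{"domain admins": true, "enterprise admins": true, "administrators": true}

// Detect expects time-ordered events; it alerts on watched-group additions and escalates on follow-up replication.
func Detect(events []Event, window time.Duration) []string {
	var alerts []string
	added := map[string]time.Time{} // added member -> time of the group change
	for _, e := range events {
		switch e.ID {
		case 4728, 4732, 4756:
			if privileged[strings.ToLower(e.Object)] {
				added[strings.ToLower(e.Member)] = e.Time
				alerts = append(alerts, fmt.Sprintf("MEDIUM %s added %s to %q", e.Actor, e.Member, e.Object))
			}
		case 4662:
			t, ok := added[strings.ToLower(e.Actor)]
			if ok && strings.Contains(strings.ToLower(e.Object), replGetChangesAll) && e.Time.Sub(t) <= window {
				alerts = append(alerts, fmt.Sprintf("HIGH %s requested replication %s after joining a watched group", e.Actor, e.Time.Sub(t)))
			}
		}
	}
	return alerts
}

func main() {
	t0 := time.Date(2024, 1, 1, 10, 0, 0, 0, time.UTC) // constructed sample events
	events := []Event{
		{t0, 4728, `CORP\jdoe`, `CORP\jdoe`, "Domain Admins"},
		{t0.Add(5 * time.Minute), 4662, `CORP\jdoe`, "", "{" + replGetChangesAll + "}"},
	}
	fmt.Println(strings.Join(Detect(events, 30*time.Minute), "\n"))
}
```

Replication requests from accounts that were not recently added to a watched group, such as domain controller machine accounts, do not trigger the escalation.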
A quick guide on how to contribute to the project.
1. Create a fork of the OAO repository
2. Download the project with git clone https://github.com/your/OAO.git
3. cd OAO/
4. Make your changes
5. Commit and run git push
6. Open a pull request
- The developer is not responsible for any malicious use of this tool.