⚙️ Operating Account Operators (OAO) is a Golang tool that interacts with the LDAP protocol to manage account groups, roles, ACLs/ACEs, etc. This tool has been developed and maintained by oppsec and mezzanine.
A quick guide on how to install and use OAO.
1. go install github.com/oppsec/OAO@latest
2. OAO -u domain.local/username:password@IP -g 'Domain Admins' -m add/rem
You can use go install github.com/oppsec/OAO@latest to update the tool.
- Golang installed on your machine
- A valid domain user with LDAP access
- Interacts directly with LDAP (not malicious)
- No Windows shell required
- Extremely fast
- Low RAM and CPU usage
- Made in Golang
First of all, we suggest using this tool in combination with BloodHound to easily find exploitable paths. You can find a real attack scenario in our article, where we used another version to add a specific user to a group with high privileges and then used a DCSync attack to extract the Domain Admin NTLM hash.
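For defenders, the group changes described above show up on domain controllers as security-group-management events. The following Go sketch is an added example, not part of OAO: it flags additions to and removals from watched groups, assuming the events have been exported as JSON lines (the export layout, the watched-group list and the sample records are constructed for illustration).

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// Event IDs logged when a security-enabled group's membership changes
// (global, domain-local and universal groups).
var membershipEvents = map[int]string{
	4728: "add", 4732: "add", 4756: "add",
	4729: "rem", 4733: "rem", 4757: "rem",
}

// Groups to watch; extend with the high-value groups BloodHound reports.
var watched = map[string]bool{"domain admins": true, "enterprise admins": true, "account operators": true}

// Event holds the EventData fields used here. The JSON-lines layout is an assumption.
type Event struct {
	EventID                                     int
	SubjectUserName, MemberName, TargetUserName string // actor, member DN, group
}

// Alerts returns one line per membership change to a watched group.
func Alerts(logs string) []string {
	var out []string
	sc := bufio.NewScanner(strings.NewReader(logs))
	for sc.Scan() {
		var e Event
		if json.Unmarshal(sc.Bytes(), &e) != nil || !watched[strings.ToLower(e.TargetUserName)] {
			continue // unparsable line, or the group is not watched
		}
		if op, ok := membershipEvents[e.EventID]; ok {
			out = append(out, fmt.Sprintf("%s %q -> %q by %s", op, e.MemberName, e.TargetUserName, e.SubjectUserName))
		}
	}
	return out
}

// Constructed sample records, not real logs.
const sample = `{"EventID":4728,"SubjectUserName":"helpdesk1","MemberName":"CN=svc-backup,CN=Users,DC=domain,DC=local","TargetUserName":"Domain Admins"}
{"EventID":4624,"SubjectUserName":"-","TargetUserName":"alice"}
{"EventID":4732,"SubjectUserName":"admin1","MemberName":"CN=bob,CN=Users,DC=domain,DC=local","TargetUserName":"Print Operators"}
{"EventID":4729,"SubjectUserName":"helpdesk1","MemberName":"CN=svc-backup,CN=Users,DC=domain,DC=local","TargetUserName":"Domain Admins"}`

func main() {
	fmt.Println(strings.Join(Alerts(sample), "\n"))
}
```

These events are only written when security group management auditing is enabled on the domain controllers.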
A quick guide on how to contribute to the project.
1. Create a fork of the OAO repository
2. Download the project with git clone https://github.com/your/OAO.git
3. cd OAO/
4. Make your changes
5. Commit and make a git push
6. Open a pull request
- The developer is not responsible for any malicious use of this tool.