Incomplete JSON files in v1.0.2

Open anasbousselham opened this issue 2 years ago • 27 comments

I have the latest ver. 4.1.0 and SharpHound v1.0.2. The old SharpHound is not compatible, I can't upload (file created from incompatible collector). Do you have any idea on the issue? Thanks

anasbousselham avatar Feb 17 '22 00:02 anasbousselham

+1 got the same error.

yellow-starburst avatar Feb 17 '22 01:02 yellow-starburst

+1

NullbutC00L avatar Feb 17 '22 10:02 NullbutC00L

Wait a minute - why is the problem ticket "Unable to connect to LDAP" but you're saying that the upload functionality doesn't work?

yellow-starburst avatar Feb 17 '22 14:02 yellow-starburst

Can you check the meta tag at the bottom of the json files and see what the version is? There weren't any changes made to json output in v1.0.2

rvazarkar avatar Feb 17 '22 15:02 rvazarkar

I have this

{
  "users": [
    {
      "Properties": {
        "domain": "RESOURCED.LOCAL",
        "objectsid": "S-1-5-21-537427935-490066102-1511301751-500",
        "highvalue": false,
        "enabled": true,
        "lastlogon": 1645054574,
        "pwdlastset": 1644600080,
        "serviceprincipalnames": [],
        "hasspn": false,
        "displayname": null,
        "email": null,
        "title": null,
        "homedirectory": null,
        "description": "Built-in account for administering the computer/domain",
        "userpassword": null,
        "sensitive": false,
        "dontreqpreauth": false,
        "admincount": true
      },

anasbousselham avatar Feb 17 '22 16:02 anasbousselham

Looks like the json file didn't complete writing for some reason. Were there any exceptions when running?

rvazarkar avatar Feb 17 '22 16:02 rvazarkar
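
An added example, not part of the thread and not BloodHound or SharpHound code: one way to run the two checks discussed above on a collector output file, namely whether the JSON finished writing and what version its trailing meta object reports. The key names `meta`, `version`, `type` and `count`, the function name and both sample documents are assumptions constructed for illustration.

```python
import json

def inspect_collector_json(text):
    """Report whether one collector JSON file is complete and what its meta says."""
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte-order mark
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # A file that stopped mid-write fails here, usually near its end.
        return {"status": "incomplete", "version": None,
                "detail": f"{exc.msg} at offset {exc.pos} of {len(text)}"}
    meta = doc.get("meta") if isinstance(doc, dict) else None
    if not isinstance(meta, dict):
        return {"status": "no-meta", "version": None,
                "detail": "valid JSON but no meta object"}
    # Assumed layout: one top-level array of objects next to "meta".
    arrays = [v for k, v in doc.items() if k != "meta" and isinstance(v, list)]
    count = meta.get("count")
    if isinstance(count, int) and arrays and len(arrays[0]) != count:
        return {"status": "count-mismatch", "version": meta.get("version"),
                "detail": f"meta.count={count}, objects={len(arrays[0])}"}
    return {"status": "ok", "version": meta.get("version"),
            "detail": f"type={meta.get('type')}"}

# Constructed samples: TRUNCATED has the shape of the snippet posted above,
# COMPLETE is the same object closed off with an assumed meta block.
TRUNCATED = '{"users": [{"Properties": {"domain": "RESOURCED.LOCAL", "admincount": true},'
COMPLETE = ('{"users": [{"Properties": {"domain": "RESOURCED.LOCAL", "admincount": true}}],'
            ' "meta": {"type": "users", "count": 1, "version": 3}}')

if __name__ == "__main__":
    for name, sample in (("truncated", TRUNCATED), ("complete", COMPLETE)):
        print(name, inspect_collector_json(sample))
```

A result of `incomplete` points at the writer (the file was cut off), while `ok` with an unexpected version points at a collector and GUI mismatch.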

+1 I got the same issue even when I don't provide any LDAP user credentials

x3rz avatar Feb 19 '22 07:02 x3rz

If you can dm me on the BloodHound slack, I have a test binary that might fix the issue

rvazarkar avatar Feb 22 '22 17:02 rvazarkar

RROR|Unable to connect to LDAP, verify your credentials

Although I am not providing any LDAP user credentials.

knrao48 avatar Feb 24 '22 12:02 knrao48

Right in the middle of my second OSEP attempt! Can someone recommend a combination that doesn't have this error? Like... fast?

docsewell avatar Feb 26 '22 17:02 docsewell

You can try the binary here: https://github.com/BloodHoundAD/SharpHound/releases/tag/rolling

rvazarkar avatar Feb 26 '22 17:02 rvazarkar

You could try Bloodhound Ingestors Sample Command

bloodhound-python -d htb.local -u [email protected] -p s3rvice -gc forest.htb.local -c all -ns 10.10.10.161 -v

x3rz avatar Feb 26 '22 17:02 x3rz

This looks like it's still an issue with the current release of sharphound.

rtkatracy avatar Mar 25 '22 18:03 rtkatracy

I've been unable to reproduce this in any of my testing, the newer version of SharpHound seems to be writing out JSON files accurately.

rvazarkar avatar Apr 01 '22 13:04 rvazarkar

Hi @rvazarkar, I do have the same issue. I am currently doing the Forest Hack The Box machine. I got access with evil-winrm, and I imported the SharpHound.ps1 script, which gave me a zip file that I then unzipped to get the JSON files. I then imported those JSON files into BloodHound, but I have the incompatible collector error. I also tried bloodhound-python, which worked when I imported its JSON files into BloodHound, but the JSON files that bloodhound-python gave me do not have the valuable info that SharpHound gave me, and SharpHound.exe is not a valid format for evil-winrm; it has to be ps1. So I am running out of options here. My BloodHound version is 4.1.0, and SharpHound.ps1 was last updated in 2020? Because in the latest release, like I said, I only saw SharpHound.exe, no SharpHound.ps1.

mvstand avatar Apr 15 '22 16:04 mvstand

There is no SharpHound.ps1 for the newest version, so you're using an out of date collector.

rvazarkar avatar Apr 15 '22 18:04 rvazarkar

> There is no SharpHound.ps1 for the newest version, so you're using an out of date collector

Yes, that's what I said. In that case, what would you recommend? Because evil-winrm does not support .exe files like the latest version of SharpHound.exe; it supports .ps1, which currently does not exist. Any collector that might work with BloodHound?

mvstand avatar Apr 15 '22 20:04 mvstand

I'm running this: bloodhound-python -u $user -p $pass -d $domain.local -ns $i -c All

Trying to import via JSON files individually and as a zipped folder all together, I get this error:

"file created from incompatible collector"

This was working a week ago. I have other databases in there.

sun2ii avatar Apr 15 '22 21:04 sun2ii

Same problem here: image image image

soufianetahiri avatar Apr 27 '22 09:04 soufianetahiri

> Right in the middle of my second OSEP attempt! Can someone recommend a combination that doesn't have this error? Like... fast?

I was able to do a temporary workaround by dropping back to BH 3.0 for viewing.

docsewell avatar Apr 27 '22 12:04 docsewell

@soufianetahiri ...I am having the same issue. I guess you are pwning Blackfield from HTB, because I got the same files and the same NaN% error while trying to upload JSON files to BloodHound. Did you find any solution?

DOP7 avatar May 07 '22 07:05 DOP7

Not really, it was an actual engagement

soufianetahiri avatar May 07 '22 07:05 soufianetahiri

@soufianetahiri ..so did u use anything else to view the json files ??...any other method?plz tell

DOP7 avatar May 07 '22 14:05 DOP7

No.. just switched to an outdated version from an old vm sorry.

soufianetahiri avatar May 07 '22 15:05 soufianetahiri

No issues brother..i will find this solution

DOP7 avatar May 07 '22 15:05 DOP7

@docsewell ...thanks installing bloodhound 3 did resolve viewing JSON files but it does not show :

image

DOP7 avatar May 08 '22 08:05 DOP7

Got it, found the solution:

Found it, I installed BloodHound version 4.0.3 and it did import the files successfully and I can see the relationships, first degree object. Everyone is facing this issue with the new BH release 4.1.0

DOP7 avatar May 08 '22 09:05 DOP7

Closing this as I've been unable to reproduce this outside of the broken Kali binary

rvazarkar avatar Aug 01 '22 15:08 rvazarkar

~~@[rvazarkar] what broken _Kali_ binary are you referring to? https://bloodhound.readthedocs.io/en/latest/installation/linux.html#download-the-bloodhound-gui points to the binary assets directly[, that don't seem to be distro-specific: releases/download/4.1.0/BloodHound-linux-x64.zip??]~~ Must be referring to apt install bloodhound which delivers 4.1.0-0kali (still on 1-aug)

Has anyone seen [this issue] with a binary from the repo? with 4.1.1?

DataWearsAHood avatar Aug 01 '22 16:08 DataWearsAHood

> ~@[rvazarkar] what broken _Kali_ binary are you referring to? https://bloodhound.readthedocs.io/en/latest/installation/linux.html#download-the-bloodhound-gui points to the binary assets directly[, that don't seem to be distro-specific: releases/download/4.1.0/BloodHound-linux-x64.zip??]~ Must be referring to apt install bloodhound which delivers 4.1.0-0kali (still on 1-aug)
>
> Has anyone seen [this issue] with a binary from the repo? with 4.1.1?

Yes.

image

image

I noticed it says SharpHound.exe is compatible with "4.2 Release of Bloodhound", but this is what got installed with "apt install"

image

docsewell avatar Aug 03 '22 20:08 docsewell