SharpHoundCommon
SharpHoundCommon copied to clipboard
BloodHoundAD
Common library used by SharpHound.
https://github.com/BloodHoundAD/BloodHound/issues/555 * Collection of the DS-Replication-Get-Changes-In-Filtered-Set ACE on domain objects. * This edge is only gathered to build SyncLAPSPassword relations on data import.
Added AllExtendedRights to computers even if LAPS is not installed in the environment.
This property set contains the `msDS-AllowedToActOnBehalfOfOtherIdentity` property so if you have write privs on this set you can configure RBCD. Will add a link to a blog soon with more...
The AllExtendedRights and UserForceChangePassword rights allow also to change the password of the computer. It will probably not be seen in production environment but can be useful in CTF.
The re-introduced method to get sessions using the Windows Remote Registry uses a regex to filter out user accounts: `SidRegex = new(@"S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$", RegexOptions.Compiled);` Line: [https://github.com/BloodHoundAD/SharpHoundCommon/blob/3cedabb8ca96b223a0eaae2ad8ef8a3176ab3e82/src/CommonLib/Processors/ComputerSessionProcessor.cs#L15](url) This regex will also find...
The ACL Processor collects GenericAll, WriteDACL and WriteOwner ACLs on all object types. For GenericWrite and WriteProperty, it collects the ACLs only for User, Group and Computer (and to some...
The GPOLocalGroup processor crashes when ResolveAccountName fails to resolve the member name and this stops processing for the GPO entirely. One such case I've seen is when the group name...
Had a case where sharphound would return invalid username and password. To fix the issue I had to provide ldap credentials to DirectoryEntry similar as in the [GetDomain](https://github.com/BloodHoundAD/SharpHoundCommon/blob/v3/src/CommonLib/LDAPUtils.cs#L1140) function
The msPKI-RA-Application-Policies attribute has two different syntaxes. This change implements parsing of the second syntax described here: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/c55ec697-be3f-4117-8316-8895e4399237 The result is that we no longer get strings like this (if...
We check if principals are added to local groups such as Administrators through linked GPOs and create edges like AdminTo based on that with the function `ReadGPOLocalGroups`: https://github.com/BloodHoundAD/SharpHoundCommon/blob/ed7b3916d304c9dba901cf58876607bb0576610e/src/CommonLib/Processors/GPOLocalGroupProcessor.cs#L63 We should...