ADExplorerSnapshot.py icon indicating copy to clipboard operation
ADExplorerSnapshot.py copied to clipboard

Published 20 hours ago verified publisher icon c3c

Fix: avoid sid=none in JSON output

Open AdrianVollmer opened this issue 2 years ago • 1 comments

I had an issue with the output files. Bloodhound would fail when importing. The message in the dev console said something like Cannot read property of null.

I found that the computers.json contained lines like this:

       "AllowedToDelegate": [
            "S-1-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
             null
      ],

This patch makes sure to add sids to the AllowedToDelegate list only if they are not Null (or empty).

I reckon this happens when the SID is from another domain.

AdrianVollmer avatar Jul 26 '22 12:07 AdrianVollmer

tested and confirmed fix allows data to be ingested correctly.

Relkci avatar Jul 29 '22 22:07 Relkci

These edits patch the BloodHound freezing issue but unintentionally result in incomplete data output. I opened a new PR that fixes the underlying issue, see #16.

adindrabkin avatar May 08 '23 17:05 adindrabkin

thanks for making this change, closing it in favour of #16

c3c avatar May 18 '23 12:05 c3c