ADExplorerSnapshot.py
Domain Trust relationships not added
Great script and possibility to gain BloodHound data without BloodHound. I have used this approach for the first time and it was really useful. I noticed a few missing things, maybe not all of them are possible to add, but let's see.
First missing relation is the domain trust relationship in a multi domain environment. The data for this is definitely there. Would be great if this would be parsed in future releases.
Thanks mate.
AD Explorer snapshots collect information from a single DC (and domain) only, so the information we get is limited. You could run additional snapshots against different DCs of linked domains and load the information in BloodHound.
> domain trust relationship in a multi domain environment. The data for this is definitely there. Would be great if this would be parsed in future releases.
We do parse domains/trusts available from the viewpoint of the DC you connect to (see here https://github.com/c3c/ADExplorerSnapshot.py/blob/main/adexpsnapshot/init.py#L644). In case links are missing, there might be an issue with the tool.
Note that AD Explorer only connects to LDAP, not the GC, so we unfortunately don't have data of other naming contexts.
Hi, thanks for your fast answers. Yes, the links are missing. The data is in the snapshot but not visualized in BloodHound. Tools like adalanche, for example, are able to retrieve the data from the same snapshot.
In that case, probably something that changed in the data format that BloodHound expects vs. what we output in the JSON file currently.
@c3c maybe this commit broke the trusts JSON file? https://github.com/BloodHoundAD/BloodHound/commit/7d3c0fb02cee29f62f18ceb3f9460ce51c8b4a0e
This was indeed due to an undocumented change in the BloodHound data format which broke how bloodhound.py handled this data. Since this is now fixed in bloodhound.py, it should also be fixed here, assuming the latest version is used.
closing assuming this is fixed :)