BloodHound.py icon indicating copy to clipboard operation
BloodHound.py copied to clipboard

Published 20 hours ago verified publisher icon dirkjanm

add lapsv2 support

Open dadevel opened this issue 1 year ago • 4 comments
trafficstars

The name of the LDAP attributes changed from LAPS Legacy to LAPSv2. This PR adds checks for the new msLAPS-PasswordExpirationTime attribute.

References:

dadevel avatar Jan 09 '24 17:01 dadevel

hey, thanks for the PR, great idea to add this. A few issues come to mind looking at the code:

  • it should be a separate variable for laps v1 and laps v2 since if one is present in the schema it doesn't mean that the other is also present
  • I don't see any code added that actually queries this attribute when gathering computer objects (this is also the part that would include the correct attribute(s) based on which version of LAPS is there)

Am I missing something here or is this not yet present in the PR?

dirkjanm avatar Jan 10 '24 11:01 dirkjanm

Hey you're totally right, I added the missing part. But I'm not sure if something else is still missing, because I couldn't test it yet. Probably should've marked the PR as draft.

dadevel avatar Jan 10 '24 15:01 dadevel