msldap icon indicating copy to clipboard operation
msldap copied to clipboard
verified publisher icon skelsec

commented ntsecdesc type conversion so ACEs return.

Open sufnlower opened this issue 11 months ago • 3 comments

I stayed up all night playing a CTF and all I found was a hash.

sufnlower avatar Feb 03 '25 20:02 sufnlower

Hi skelsec, I made a pull request. Why did the enc dictionary of translations contain nTSecurityDescriptor and print out bad bytes? By commenting it out of there so the conversion fell through to the lookup table in the elif, the ACEs were loaded instead which is more useful information.

I like msldap because it works well which is what got me pulling on this thread.

sufnlower avatar Feb 03 '25 23:02 sufnlower

Hello, thank you for the PR!
May I ask what bad bytes are you referring to?
This PR will be rejected, because the nTSecurityDescriptor must be returning bytes or bytearray object, for two reasons:

  1. this would impact the API in a major way.
  2. Parsing nTSecurityDescriptor to an object takes a lof of resources, and some queroies could easily return hunderds of nTSecurityDescriptors which would slow down the app considerably

skelsec avatar Feb 04 '25 17:02 skelsec

No bad bytes. I misinterpreted them. I like the objects. I'll see if I can get my script to handle the bytes else use my fork which uses code you had already written but didn't appear to be using.

sufnlower avatar Feb 05 '25 02:02 sufnlower