From 24f07cca5a4f0e6330074e5c90013d5024a69747 Mon Sep 17 00:00:00 2001 From: Jonas Knudsen Date: Fri, 27 Oct 2023 07:49:16 -0700 Subject: [PATCH 1/4] BED-3868: Build contains edges from DNs --- src/Runtime/ObjectProcessors.cs | 25 +++++++++++++++++++++---- src/Writers/JsonDataWriter.cs | 2 +- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/src/Runtime/ObjectProcessors.cs b/src/Runtime/ObjectProcessors.cs index 3282a68..459f6bb 100644 --- a/src/Runtime/ObjectProcessors.cs +++ b/src/Runtime/ObjectProcessors.cs @@ -135,6 +135,11 @@ private async Task ProcessUserObject(ISearchResultEntry entry, ret.SPNTargets = targets.ToArray(); } + if ((_methods & ResolvedCollectionMethod.Container) != 0) + { + ret.ContainedBy = _containerProcessor.GetContainingObject(entry.DistinguishedName); + } + return ret; } @@ -183,6 +188,11 @@ private async Task ProcessComputerObject(ISearchResultEntry entry, ret.DumpSMSAPassword = computerProps.DumpSMSAPassword; } + if ((_methods & ResolvedCollectionMethod.Container) != 0) + { + ret.ContainedBy = _containerProcessor.GetContainingObject(entry.DistinguishedName); + } + if (!_methods.IsComputerCollectionSet()) return ret; @@ -306,6 +316,11 @@ private Group ProcessGroupObject(ISearchResultEntry entry, } } + if ((_methods & ResolvedCollectionMethod.Container) != 0) + { + ret.ContainedBy = _containerProcessor.GetContainingObject(entry.DistinguishedName); + } + return ret; } @@ -368,7 +383,6 @@ private async Task ProcessDomainObject(ISearchResultEntry entry, if ((_methods & ResolvedCollectionMethod.Container) != 0) { - ret.ChildObjects = _containerProcessor.GetContainerChildObjects(resolvedSearchResult, entry).ToArray(); ret.Links = _containerProcessor.ReadContainerGPLinks(resolvedSearchResult, entry).ToArray(); } @@ -410,7 +424,11 @@ private GPO ProcessGPOObject(ISearchResultEntry entry, ret.Properties); } } - + + if ((_methods & ResolvedCollectionMethod.Container) != 0) + { + ret.ContainedBy = _containerProcessor.GetContainingObject(entry.DistinguishedName); + } return ret; } @@ -447,7 +465,6 @@ private async Task ProcessOUObject(ISearchResultEntry entry, if ((_methods & ResolvedCollectionMethod.Container) != 0) { - ret.ChildObjects = _containerProcessor.GetContainerChildObjects(resolvedSearchResult, entry).ToArray(); ret.Properties.Add("blocksinheritance", ContainerProcessor.ReadBlocksInheritance(entry.GetProperty("gpoptions"))); ret.Links = _containerProcessor.ReadContainerGPLinks(resolvedSearchResult, entry).ToArray(); @@ -477,7 +494,7 @@ private Container ProcessContainerObject(ISearchResultEntry entry, ret.Properties.Add("highvalue", false); if ((_methods & ResolvedCollectionMethod.Container) != 0) - ret.ChildObjects = _containerProcessor.GetContainerChildObjects(entry.DistinguishedName).ToArray(); + ret.ContainedBy = _containerProcessor.GetContainingObject(entry.DistinguishedName); if ((_methods & ResolvedCollectionMethod.ACL) != 0) { diff --git a/src/Writers/JsonDataWriter.cs b/src/Writers/JsonDataWriter.cs index 821c9af..8698aac 100644 --- a/src/Writers/JsonDataWriter.cs +++ b/src/Writers/JsonDataWriter.cs @@ -22,7 +22,7 @@ public class JsonDataWriter : BaseWriter private string _fileName; private JsonSerializerSettings _serializerSettings; - private const int DataVersion = 5; + private const int DataVersion = 6; /// /// Creates a new instance of a JSONWriter using the specified datatype and program context From de672753a14c0d325366bf3ed0ffa7b9fab39e24 Mon Sep 17 00:00:00 2001 From: Jonas Knudsen Date: Tue, 31 Oct 2023 13:25:23 -0700 Subject: [PATCH 2/4] fix: add all obj classes to container collection --- src/Producers/BaseProducer.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Producers/BaseProducer.cs b/src/Producers/BaseProducer.cs index 7854fab..4984c2d 100644 --- a/src/Producers/BaseProducer.cs +++ b/src/Producers/BaseProducer.cs @@ -76,7 +76,7 @@ protected LDAPData CreateLDAPData() { if ((methods & ResolvedCollectionMethod.Container) != 0) { - query = query.AddContainers().AddDomains(); + query = query.AddComputers().AddContainers().AddUsers().AddGroups().AddDomains().AddOUs().AddGPOs(); props.AddRange(CommonProperties.ContainerProps); } From a0996c1570157dc744026befadeb5b12214202d4 Mon Sep 17 00:00:00 2001 From: Jonas Knudsen Date: Thu, 2 Nov 2023 02:43:04 -0700 Subject: [PATCH 3/4] fix: remove ContainsBy from GPOs and add to OUs --- src/Runtime/ObjectProcessors.cs | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/Runtime/ObjectProcessors.cs b/src/Runtime/ObjectProcessors.cs index 459f6bb..f20e16b 100644 --- a/src/Runtime/ObjectProcessors.cs +++ b/src/Runtime/ObjectProcessors.cs @@ -425,11 +425,6 @@ private GPO ProcessGPOObject(ISearchResultEntry entry, } } - if ((_methods & ResolvedCollectionMethod.Container) != 0) - { - ret.ContainedBy = _containerProcessor.GetContainingObject(entry.DistinguishedName); - } - return ret; } @@ -465,6 +460,7 @@ private async Task ProcessOUObject(ISearchResultEntry entry, if ((_methods & ResolvedCollectionMethod.Container) != 0) { + ret.ContainedBy = _containerProcessor.GetContainingObject(entry.DistinguishedName); ret.Properties.Add("blocksinheritance", ContainerProcessor.ReadBlocksInheritance(entry.GetProperty("gpoptions"))); ret.Links = _containerProcessor.ReadContainerGPLinks(resolvedSearchResult, entry).ToArray(); From 33dfe9aedb1df15c59b2f9a18420b379c4137a1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20B=C3=BClow=20Knudsen?= <12843299+JonasBK@users.noreply.github.com> Date: Tue, 7 Nov 2023 10:19:21 +0100 Subject: [PATCH 4/4] remove version number from readme --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 5a1482d..88d9e8e 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,3 @@ ---- -SharpHound Open Source Client version: 2.0.0 ---- - # SharpHound ![GitHub all releases](https://img.shields.io/github/downloads/BloodHoundAD/SharpHound/total)