Data format for domain trusts #33

Closed
scaise opened this issue Oct 25, 2022 · 2 comments


scaise commented Oct 25, 2022

Hello,

Just wondered if I could get some clarification from somebody more in the know than myself. I've recently been working with Domain Trusts and have a similar issue to: dirkjanm/BloodHound.py#84 (comment)

When looking for domain trusts in BloodHound, I was not seeing anything. I know they exist as I've enumerated trusts using another tool, but when loading SharpHound data into BloodHound the trusts are not displayed.

I came across the issue linked above whereby BloodHound.py was using int values to identify trust directions and types. This was confirmed as a bug and fixed.

I appear to be having the same issue with SharpHound. The data is displayed as an integer when BloodHound is looking for a string, see below:

```json
{
  "TargetDomainSid": "redacted",
  "TargetDomainName": "redacted",
  "IsTransitive": true,
  "SidFilteringEnabled": false,
  "TrustDirection": 1,
  "TrustType": 4
}
```

When the above is loaded into BloodHound, the trusts are not displayed. If I manually modify this with the correct string as shown below, BloodHound displays the trust:

```json
{
  "TargetDomainSid": "redacted",
  "TargetDomainName": "redacted",
  "IsTransitive": true,
  "SidFilteringEnabled": false,
  "TrustDirection": "Inbound",
  "TrustType": "Forest"
}
```

Is this also a bug in SharpHound, or is there something I'm missing here?
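Added example, not part of the original post and not SharpHound or BloodHound code: a check that walks collector JSON and reports every trust entry whose `TrustDirection` or `TrustType` is stored as an integer, the shape the post says is not displayed on import. The `data`/`Trusts` wrapper and the domain names in the sample are constructed assumptions; only the trust object fields come from the post.

```python
import json
import sys

# The two fields the post shows as integers where BloodHound expected strings.
TRUST_FIELDS = ("TrustDirection", "TrustType")


def iter_trusts(node):
    """Yield every dict carrying both trust fields, at any nesting depth."""
    if isinstance(node, dict):
        if all(field in node for field in TRUST_FIELDS):
            yield node
        for value in node.values():
            yield from iter_trusts(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_trusts(item)


def numeric_trust_fields(doc):
    """Return (target, field, value) for each trust field stored as an integer."""
    findings = []
    for trust in iter_trusts(doc):
        for field in TRUST_FIELDS:
            value = trust[field]
            # bool is a subclass of int in Python, so exclude it explicitly.
            if isinstance(value, int) and not isinstance(value, bool):
                findings.append((trust.get("TargetDomainName"), field, value))
    return findings


# Constructed sample: the "data"/"Trusts" wrapper and the domain names are
# assumptions; the trust objects follow the two shapes quoted in the post.
SAMPLE = json.loads("""
{"data": [{"Trusts": [
  {"TargetDomainSid": "redacted", "TargetDomainName": "a.example",
   "IsTransitive": true, "SidFilteringEnabled": false,
   "TrustDirection": 1, "TrustType": 4},
  {"TargetDomainSid": "redacted", "TargetDomainName": "b.example",
   "IsTransitive": true, "SidFilteringEnabled": false,
   "TrustDirection": "Inbound", "TrustType": "Forest"}
]}]}
""")

if __name__ == "__main__":
    # Pass a collector JSON file as the first argument, or run on the sample.
    doc = json.load(open(sys.argv[1], encoding="utf-8-sig")) if len(sys.argv) > 1 else SAMPLE
    for target, field, value in numeric_trust_fields(doc):
        print(f"{target}: {field} is integer {value}; expected a string")
```

Running this over collected data before import shows whether missing trust edges come from the format mismatch described here rather than from collection gaps.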

Collaborator

JonasBK commented Apr 27, 2023

Hi @scaise,

Thanks for reporting the issue.

I think someone changed SharpHoundCommon without updating BloodHound 🙃
It will be fixed with this commit: SpecterOps/BloodHound-Legacy@7d3c0fb

I will close this issue when 4.3.1 is released.

@rvazarkar
Contributor

Fixed in SharpHound v2.0.1
