From 5a4a6bc2b4de3b8014b4ced5008bece4740fed76 Mon Sep 17 00:00:00 2001 From: rvazarkar Date: Mon, 25 Sep 2023 09:43:49 -0400 Subject: [PATCH 1/6] fix: add missing properties for unixuserpassword, mssfu30password, and unicodepassword to objectpropsprops fix: add new LAPS properties to BaseQueryProps to ensure new LAPS schema works chore: convert commonproperties to constants --- src/CommonLib/LDAPProperties.cs | 2 + src/CommonLib/LDAPQueries/CommonProperties.cs | 60 ++++++++++++------- 2 files changed, 41 insertions(+), 21 deletions(-) diff --git a/src/CommonLib/LDAPProperties.cs b/src/CommonLib/LDAPProperties.cs index fe36196d..76bacab6 100644 --- a/src/CommonLib/LDAPProperties.cs +++ b/src/CommonLib/LDAPProperties.cs @@ -13,6 +13,7 @@ public class LDAPProperties public const string GPLink = "gplink"; public const string TrustDirection = "trustdirection"; public const string TrustAttributes = "trustattributes"; + public const string TrustType = "trusttype"; public const string CanonicalName = "cn"; public const string GPCFileSYSPath = "gpcfilesyspath"; public const string Description = "description"; @@ -41,6 +42,7 @@ public class LDAPProperties public const string SecurityIdentifier = "securityidentifier"; public const string ObjectSID = "objectsid"; public const string ObjectGUID = "objectguid"; + public const string DistinguishedName = "distinguishedname"; public const string PrimaryGroupID = "primarygroupid"; public const string GroupPolicyOptions = "gpoptions"; public const string UnixUserPassword = "unixuserpassword"; diff --git a/src/CommonLib/LDAPQueries/CommonProperties.cs b/src/CommonLib/LDAPQueries/CommonProperties.cs index 0f9d5525..f3367799 100644 --- a/src/CommonLib/LDAPQueries/CommonProperties.cs +++ b/src/CommonLib/LDAPQueries/CommonProperties.cs @@ -3,61 +3,79 @@ public static class CommonProperties { public static readonly string[] TypeResolutionProps = - {"samaccounttype", "objectsid", "objectguid", "objectclass", "samaccountname", "msds-groupmsamembership"}; + { + LDAPProperties.SAMAccountType, LDAPProperties.ObjectSID, LDAPProperties.ObjectGUID, + LDAPProperties.ObjectClass, LDAPProperties.SAMAccountName, LDAPProperties.GroupMSAMembership + }; - public static readonly string[] ObjectID = {"objectsid", "objectguid"}; - public static readonly string[] ObjectSID = {"objectsid"}; - public static readonly string[] GPCFileSysPath = {"gpcfilesyspath"}; + public static readonly string[] ObjectID = { LDAPProperties.ObjectSID, LDAPProperties.ObjectGUID }; + public static readonly string[] ObjectSID = { LDAPProperties.ObjectSID }; + public static readonly string[] GPCFileSysPath = { LDAPProperties.GPCFileSYSPath }; public static readonly string[] BaseQueryProps = { - "objectsid", "distinguishedname", "objectguid", "ms-mcs-admpwdexpirationtime", "isDeleted", - "useraccountcontrol" + LDAPProperties.ObjectSID, LDAPProperties.DistinguishedName, LDAPProperties.ObjectGUID, + LDAPProperties.LegacyLAPSExpirationTime, LDAPProperties.LAPSExpirationTime, LDAPProperties.IsDeleted, + LDAPProperties.UserAccountControl }; public static readonly string[] GroupResolutionProps = { - "samaccountname", "distinguishedname", "samaccounttype", "member", "cn", "primarygroupid", "dnshostname" + LDAPProperties.SAMAccountName, LDAPProperties.DistinguishedName, LDAPProperties.SAMAccountType, + LDAPProperties.Members, LDAPProperties.CanonicalName, LDAPProperties.PrimaryGroupID, + LDAPProperties.DNSHostName }; public static readonly string[] ComputerMethodProps = { - "samaccountname", "distinguishedname", "dnshostname", "samaccounttype", "operatingsystem", "pwdlastset" + LDAPProperties.SAMAccountName, LDAPProperties.DistinguishedName, LDAPProperties.DNSHostName, + LDAPProperties.SAMAccountType, LDAPProperties.OperatingSystem, LDAPProperties.PasswordLastSet }; public static readonly string[] ACLProps = { - "samaccountname", "distinguishedname", "dnshostname", "samaccounttype", "ntsecuritydescriptor", - "displayname", "objectclass", "objectsid", "name" + LDAPProperties.SAMAccountName, LDAPProperties.DistinguishedName, LDAPProperties.DNSHostName, + LDAPProperties.SAMAccountType, LDAPProperties.SecurityDescriptor, + LDAPProperties.DisplayName, LDAPProperties.ObjectClass, LDAPProperties.ObjectSID, LDAPProperties.Name }; public static readonly string[] ObjectPropsProps = { - "samaccountname", "distinguishedname", "samaccounttype", "pwdlastset", "lastlogon", "lastlogontimestamp", - "objectsid", - "sidhistory", "dnshostname", "operatingsystem", - "operatingsystemservicepack", "serviceprincipalname", "displayname", "mail", "title", - "homedirectory", "description", "admincount", "userpassword", "gpcfilesyspath", "objectclass", - "msds-behavior-version", "objectguid", "name", "gpoptions", "msds-allowedToDelegateTo", - "msDS-AllowedToActOnBehalfOfOtherIdentity", "whenCreated", "msds-hostserviceaccount" + LDAPProperties.SAMAccountName, LDAPProperties.DistinguishedName, LDAPProperties.SAMAccountType, + LDAPProperties.PasswordLastSet, LDAPProperties.LastLogon, LDAPProperties.LastLogonTimestamp, + LDAPProperties.ObjectSID, + LDAPProperties.SIDHistory, LDAPProperties.DNSHostName, LDAPProperties.OperatingSystem, + LDAPProperties.ServicePack, LDAPProperties.ServicePrincipalNames, LDAPProperties.DisplayName, + LDAPProperties.Email, LDAPProperties.Title, + LDAPProperties.HomeDirectory, LDAPProperties.Description, LDAPProperties.AdminCount, + LDAPProperties.UserPassword, LDAPProperties.GPCFileSYSPath, LDAPProperties.ObjectClass, + LDAPProperties.DomainFunctionalLevel, LDAPProperties.ObjectGUID, LDAPProperties.Name, + LDAPProperties.GroupPolicyOptions, LDAPProperties.AllowedToDelegateTo, + LDAPProperties.AllowedToActOnBehalfOfOtherIdentity, LDAPProperties.WhenCreated, + LDAPProperties.HostServiceAccount, LDAPProperties.UnixUserPassword, LDAPProperties.MsSFU30Password, + LDAPProperties.UnicodePassword }; public static readonly string[] ContainerProps = { - "displayname", "name", "objectguid", "gplink", "gpoptions", "objectclass" + LDAPProperties.DisplayName, LDAPProperties.Name, LDAPProperties.ObjectGUID, LDAPProperties.GPLink, + LDAPProperties.GroupPolicyOptions, LDAPProperties.ObjectClass }; public static readonly string[] SPNTargetProps = { - "serviceprincipalname", "samaccountname", "samaccounttype" + LDAPProperties.ServicePrincipalNames, LDAPProperties.SAMAccountName, LDAPProperties.SAMAccountType }; public static readonly string[] DomainTrustProps = - {"trustattributes", "securityidentifier", "trustdirection", "trusttype", "cn"}; + { + LDAPProperties.TrustAttributes, LDAPProperties.SecurityIdentifier, LDAPProperties.TrustDirection, + LDAPProperties.TrustType, LDAPProperties.CanonicalName + }; public static readonly string[] GPOLocalGroupProps = { - "gplink", "name" + LDAPProperties.GPLink, LDAPProperties.Name }; } } \ No newline at end of file From 7fc421ce2603d448eba5daf07589c9733b42f50a Mon Sep 17 00:00:00 2001 From: rvazarkar Date: Tue, 26 Sep 2023 12:28:29 -0400 Subject: [PATCH 2/6] feat: publish packages to new nuget repo --- .github/workflows/publish.yml | 8 ++++++++ sleet.json | 11 +++++++++++ 2 files changed, 19 insertions(+) create mode 100644 sleet.json diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index be378cd4..9bd044e4 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -49,6 +49,14 @@ jobs: - name: Publish NuGet run: dotnet nuget push *.nupkg -s https://api.nuget.org/v3/index.json -k ${{ secrets.NUGET_TOKEN }} --skip-duplicate + - name: Publish to SpecterOps Packages + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_KEY }} + run: | + dotnet tool install -g sleet + sleet push *.nupkg --skip-existing + ghpages: name: ghpages needs: nuget diff --git a/sleet.json b/sleet.json new file mode 100644 index 00000000..67932d2e --- /dev/null +++ b/sleet.json @@ -0,0 +1,11 @@ +{ + "sources": [ + { + "name": "feed", + "type": "s3", + "path": "https://s3.amazonaws.com/bloodhound-ad", + "region": "us-east-1", + "bucketName": "bloodhound-ad" + } + ] +} \ No newline at end of file From 2e099939a4cb1d246c8a9ef6e74e2004de403cbc Mon Sep 17 00:00:00 2001 From: rvazarkar Date: Tue, 26 Sep 2023 12:50:23 -0400 Subject: [PATCH 3/6] chore: bump versions --- src/CommonLib/SharpHoundCommonLib.csproj | 2 +- src/SharpHoundRPC/SharpHoundRPC.csproj | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/CommonLib/SharpHoundCommonLib.csproj b/src/CommonLib/SharpHoundCommonLib.csproj index 92ff866e..864a183a 100644 --- a/src/CommonLib/SharpHoundCommonLib.csproj +++ b/src/CommonLib/SharpHoundCommonLib.csproj @@ -9,7 +9,7 @@ Common library for C# BloodHound enumeration tasks GPL-3.0-only https://github.com/BloodHoundAD/SharpHoundCommon - 3.0.7 + 3.0.8 SharpHoundCommonLib SharpHoundCommonLib diff --git a/src/SharpHoundRPC/SharpHoundRPC.csproj b/src/SharpHoundRPC/SharpHoundRPC.csproj index 89ada4cd..97607291 100644 --- a/src/SharpHoundRPC/SharpHoundRPC.csproj +++ b/src/SharpHoundRPC/SharpHoundRPC.csproj @@ -8,7 +8,7 @@ SpecterOps SAM/LSA Wrapper for C# BloodHound tasks GPL-3.0-only - 1.0.0 + 3.0.8 SharpHoundRPC SharpHoundRPC From 75643e2b6d09349cef4158f92d44b99ebe6aa32d Mon Sep 17 00:00:00 2001 From: rvazarkar Date: Tue, 26 Sep 2023 13:07:00 -0400 Subject: [PATCH 4/6] chore: remove all nuget/github publish steps for now --- .github/workflows/publish.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9bd044e4..10d1b666 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -40,14 +40,14 @@ jobs: - name: Pack run: dotnet pack --no-restore -c Release -p:PackageVersion=${{ steps.version.outputs.result }} -o . - - name: Prep Packages - run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/BloodHoundAD/index.json" +# - name: Prep Packages +# run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/BloodHoundAD/index.json" - - name: Publish to GitHub Packages - run: dotnet nuget push *.nupkg --api-key ${{ secrets.GITHUB_TOKEN }} --source "github" - - - name: Publish NuGet - run: dotnet nuget push *.nupkg -s https://api.nuget.org/v3/index.json -k ${{ secrets.NUGET_TOKEN }} --skip-duplicate +# - name: Publish to GitHub Packages +# run: dotnet nuget push *.nupkg --api-key ${{ secrets.GITHUB_TOKEN }} --source "github" +# +# - name: Publish NuGet +# run: dotnet nuget push *.nupkg -s https://api.nuget.org/v3/index.json -k ${{ secrets.NUGET_TOKEN }} --skip-duplicate - name: Publish to SpecterOps Packages env: From cfbf5ef1c1eb4ad7eda39d98b72e6793dfe4d2e3 Mon Sep 17 00:00:00 2001 From: rvazarkar Date: Tue, 26 Sep 2023 13:28:51 -0400 Subject: [PATCH 5/6] chore: update build/publish to netcore7 --- .github/workflows/build.yml | 8 +++++--- .github/workflows/publish.yml | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 98525761..d885332f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,12 +6,14 @@ jobs: build: runs-on: windows-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Setup .NET - uses: actions/setup-dotnet@v1 + uses: actions/setup-dotnet@v3 with: - dotnet-version: 5.0.x + dotnet-version: | + 7.0.x + 5.0.x - name: Restore dependencies run: dotnet restore diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 10d1b666..f413190d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -11,7 +11,7 @@ jobs: runs-on: windows-latest steps: - name: Checkout Code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Parse Version uses: web3j/substr-action@v1.2 @@ -21,9 +21,11 @@ jobs: start: 1 - name: Setup .NET - uses: actions/setup-dotnet@v1 + uses: actions/setup-dotnet@v3 with: - dotnet-version: 5.0.x + dotnet-version: | + 7.0.x + 5.0.x - name: Restore Dependencies run: dotnet restore From 6f3dfeda70c3f385c58bcc27e5059dc8efad56f9 Mon Sep 17 00:00:00 2001 From: rvazarkar Date: Tue, 26 Sep 2023 13:45:32 -0400 Subject: [PATCH 6/6] chore: output nupkgs to a directoy to allow sleet to consume them --- .github/workflows/publish.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f413190d..83e54269 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -40,7 +40,9 @@ jobs: path: docfx/coverage/report/ - name: Pack - run: dotnet pack --no-restore -c Release -p:PackageVersion=${{ steps.version.outputs.result }} -o . + run: | + mkdir pkgs + dotnet pack --no-restore -c Release -p:PackageVersion=${{ steps.version.outputs.result }} -o ./pkgs # - name: Prep Packages # run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/BloodHoundAD/index.json" @@ -57,7 +59,7 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_KEY }} run: | dotnet tool install -g sleet - sleet push *.nupkg --skip-existing + sleet push ./pkgs --skip-existing ghpages: name: ghpages