This repository has been archived by the owner on Sep 2, 2022. It is now read-only.

ForeignSecurityPrincipals not collected #75

Open
furmelade opened this issue Jun 21, 2019 · 1 comment

Comments


furmelade commented Jun 21, 2019

I have encountered the following issue:
Having a user from a foreign domain (doesn't matter if same/foreign forest) in a security group, SharpHound does not collect that user and write it into the .json file, thus it does not show up in the database.

To be precise, my case looks like this:
I have Forest A with domain1.com and subdomain sub.domain1.com
And Forest B with domain2.com.
There's a 2-way trust configured between both forests.
User john from domain2.com is a member of the Administrators group in sub.domain1.com.

SharpHound does not collect any information about user john being in the Administrators group.
Running SharpHound with --debug -c Group --LdapFilter "(distinguishedname=CN=Administrators,CN=Builtin,DC=sub,DC=domain1,DC=com)" shows that SharpHound is actually fetching the information ("Creating SecurityIdentifier from SID" and next resolving the foreign domain), but does not write it into the .json.

According to BlueCookieMonster from Slack, ForeignSecurityPrincipal collection only works if it's done in a user context from the parent domain.

furmelade (Author) commented

I did some further testing, here are my results:
Running SharpHound with the aforementioned parameters gives the following output:
Debug: Creating SecurityIdentifier from <User_SID>
Debug: Got Domain Sid <Domain_SID>
Debug: Cache hit for SidToDomainName: <Domain_FQDN>
Debug: Creating connection
Debug: Connection null

When running SharpHound with the --Verbose parameter instead of --Debug, I can see the following output:
Unable to contact domain <Domain_FQDN>

I have found several references to that string in https://github.com/BloodHoundAD/SharpHound/blob/master/Sharphound2/Utils.cs, which looks like SharpHound cannot contact the remote domain to request that specific user's information, thus not including it in the .json.
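The failure described in this issue sits in the step between "Got Domain Sid" and "Creating connection": the ForeignSecurityPrincipal entry in the group only carries a SID, so the collector must strip the RID, map the domain SID to a domain name, and then contact that domain to find out who the SID is; when that connection is null, the member is silently dropped. The following added example (not SharpHound's or BloodHound's code) walks through the same resolution steps over a constructed member list and shows the defender-side alternative: keep an "unreachable" record for the foreign SID instead of losing it, so a foreign account in a privileged group still shows up in an audit. The SIDs, domain names, and the `SID_TO_DOMAIN_NAME` cache are all made-up placeholders standing in for SharpHound's SidToDomainName cache; it also handles well-known SIDs (such as S-1-5-11), which live in the ForeignSecurityPrincipals container but belong to no domain.

```python
"""Audit foreign (cross-domain) members of an AD group from their SIDs.

Added example, not SharpHound's code. The member distinguishedNames below
are constructed to look like a group's 'member' attribute as returned by
LDAP; the domain SIDs and names are placeholders.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed stand-in for the SidToDomainName cache seen in the debug log.
# Only domains the collector can actually reach are listed (assumption).
SID_TO_DOMAIN_NAME: Dict[str, str] = {
    "S-1-5-21-1111111111-2222222222-3333333333": "sub.domain1.com",
    "S-1-5-21-4444444444-5555555555-6666666666": "domain1.com",
}

# A ForeignSecurityPrincipal object's CN is the SID itself.
FSP_DN_RE = re.compile(
    r"^CN=(S-1-[0-9-]+),CN=ForeignSecurityPrincipals,DC=", re.IGNORECASE)
# Domain SIDs are S-1-5-21-<a>-<b>-<c>; the trailing component is the RID.
DOMAIN_SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

# Constructed sample 'member' values for a Builtin\Administrators group.
SAMPLE_MEMBERS = [
    "CN=alice,CN=Users,DC=sub,DC=domain1,DC=com",
    "CN=S-1-5-21-7777777777-8888888888-9999999999-1105,"
    "CN=ForeignSecurityPrincipals,DC=sub,DC=domain1,DC=com",
    "CN=S-1-5-21-4444444444-5555555555-6666666666-500,"
    "CN=ForeignSecurityPrincipals,DC=sub,DC=domain1,DC=com",
    "CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=sub,DC=domain1,DC=com",
]


@dataclass
class MemberResolution:
    dn: str
    sid: Optional[str]
    domain_sid: Optional[str]
    domain_name: Optional[str]
    status: str  # "local", "resolved", "unreachable" or "well-known"


def domain_sid_from_sid(sid: str) -> Optional[str]:
    """Return the domain SID (everything before the RID), or None for
    well-known SIDs that carry no domain part."""
    m = DOMAIN_SID_RE.match(sid)
    return m.group(1) if m else None


def resolve_member(dn: str, cache: Dict[str, str]) -> MemberResolution:
    """Classify one group member the way a collector has to:
    local object, foreign principal whose domain we can name, foreign
    principal whose domain is unknown/unreachable, or well-known SID."""
    m = FSP_DN_RE.match(dn)
    if not m:
        return MemberResolution(dn, None, None, None, "local")
    sid = m.group(1)
    domain_sid = domain_sid_from_sid(sid)
    if domain_sid is None:
        return MemberResolution(dn, sid, None, None, "well-known")
    name = cache.get(domain_sid)
    if name is None:
        # This is the case the issue describes: keep the record instead of
        # dropping the member, so the foreign SID is still visible.
        return MemberResolution(dn, sid, domain_sid, None, "unreachable")
    return MemberResolution(dn, sid, domain_sid, name, "resolved")


def audit_group(members: List[str],
                cache: Dict[str, str] = SID_TO_DOMAIN_NAME) -> List[MemberResolution]:
    return [resolve_member(dn, cache) for dn in members]


def unresolved_foreign(results: List[MemberResolution]) -> List[str]:
    """SIDs of foreign members whose home domain could not be resolved."""
    return [r.sid for r in results if r.status == "unreachable" and r.sid]


if __name__ == "__main__":
    for r in audit_group(SAMPLE_MEMBERS):
        print(f"{r.status:11} {r.domain_name or '-':18} {r.dn}")
    print("unresolved foreign SIDs:", unresolved_foreign(audit_group(SAMPLE_MEMBERS)))
```

The "unreachable" bucket is the one to review: it is exactly the set of members a collector that drops unresolvable SIDs would leave out of its output, and a foreign RID 500 account in a local Administrators group is something an audit should never lose.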
