NetExec/nxc/helpers/bloodhound.py

def add_user_bh(user, domain, logger, config):
    """Adds a user to the BloodHound graph database.

    Args:
    ----
        user (str or list): The username of the user or a list of user dictionaries.
        domain (str): The domain of the user.
        logger (Logger): The logger object for logging messages.
        config (ConfigParser): The configuration object for accessing BloodHound settings.

    Returns:
    -------
        None

    Raises:
    ------
        AuthError: If the provided Neo4J credentials are not valid.
        ServiceUnavailable: If Neo4J is not available on the specified URI.
        Exception: If an unexpected error occurs with Neo4J.
    """
    users_owned = []
    if isinstance(user, str):
        users_owned.append({"username": user.upper(), "domain": domain.upper()})
    else:
        users_owned = user

    if config.get("BloodHound", "bh_enabled") != "False":
        # we do a conditional import here to avoid loading these if BH isn't enabled
        from neo4j import GraphDatabase
        from neo4j.exceptions import AuthError, ServiceUnavailable

        uri = f"bolt://{config.get('BloodHound', 'bh_uri')}:{config.get('BloodHound', 'bh_port')}"

        driver = GraphDatabase.driver(
            uri,
            auth=(
                config.get("BloodHound", "bh_user"),
                config.get("BloodHound", "bh_pass"),
            ),
            encrypted=False,
        )
        try:
            with driver.session().begin_transaction() as tx:
                for info in users_owned:
                    distinguished_name = "".join([f"DC={dc}," for dc in info["domain"].split(".")]).rstrip(",")
                    domain_query = tx.run(f"MATCH (d:Domain) WHERE d.distinguishedname STARTS WITH '{distinguished_name}' RETURN d").data()
                    if not domain_query:
                        raise Exception("Domain not found in bloodhound")
                    else:
                        domain = domain_query[0]["d"].get("name")

                    if info["username"][-1] == "$":
                        user_owned = f"{info['username'][:-1]}.{domain}"
                        account_type = "Computer"
                    else:
                        user_owned = f"{info['username']}@{domain}"
                        account_type = "User"

                    result = tx.run(f"MATCH (c:{account_type} {{name:'{user_owned}'}}) RETURN c")

                    if result.data()[0]["c"].get("owned") in (False, None):
                        logger.debug(f"MATCH (c:{account_type} {{name:'{user_owned}'}}) SET c.owned=True RETURN c.name AS name")
                        result = tx.run(f"MATCH (c:{account_type} {{name:'{user_owned}'}}) SET c.owned=True RETURN c.name AS name")
                        logger.highlight(f"Node {user_owned} successfully set as owned in BloodHound")
        except AuthError:
            logger.fail(f"Provided Neo4J credentials ({config.get('BloodHound', 'bh_user')}:{config.get('BloodHound', 'bh_pass')}) are not valid.")
            return
        except ServiceUnavailable:
            logger.fail(f"Neo4J does not seem to be available on {uri}.")
            return
        except Exception as e:
            if "Domain not found in bloodhound" in str(e):
                logger.fail("Neo4J Error: Domain not found in BloodHound. Please specify the FQDN ex:domain.local.")
            else:
                logger.fail(f"Unexpected error with Neo4J: {e}")
                logger.fail("Account not found on the domain")
            return
        driver.close()
Add bloodhound core feature 2021-11-19 21:16:37 +00:00			`def add_user_bh(user, domain, logger, config):`
ruff: manually fixed pydocstyle ruff alerts and add exclusions 2023-10-12 19:41:13 +00:00			`"""Adds a user to the BloodHound graph database.`
ruff cleanup 2023-09-24 04:25:08 +00:00
			`Args:`
ruff: fix pydocstyle via ruff 2023-10-12 19:13:16 +00:00			`----`
ruff cleanup 2023-09-24 04:25:08 +00:00			`user (str or list): The username of the user or a list of user dictionaries.`
			`domain (str): The domain of the user.`
			`logger (Logger): The logger object for logging messages.`
			`config (ConfigParser): The configuration object for accessing BloodHound settings.`

			`Returns:`
ruff: fix pydocstyle via ruff 2023-10-12 19:13:16 +00:00			`-------`
ruff cleanup 2023-09-24 04:25:08 +00:00			`None`

			`Raises:`
ruff: fix pydocstyle via ruff 2023-10-12 19:13:16 +00:00			`------`
ruff cleanup 2023-09-24 04:25:08 +00:00			`AuthError: If the provided Neo4J credentials are not valid.`
			`ServiceUnavailable: If Neo4J is not available on the specified URI.`
			`Exception: If an unexpected error occurs with Neo4J.`
			`"""`
Add bloodhound core feature 2021-11-20 21:37:14 +00:00			`users_owned = []`
			`if isinstance(user, str):`
black formating 2023-05-02 15:17:59 +00:00			`users_owned.append({"username": user.upper(), "domain": domain.upper()})`
Add bloodhound core feature 2021-11-20 21:37:14 +00:00			`else:`
			`users_owned = user`
fix exception handle and add TODO 2023-09-22 14:40:29 +00:00
black formating 2023-05-02 15:17:59 +00:00			`if config.get("BloodHound", "bh_enabled") != "False":`
move imports back to conditional and add comment 2023-10-18 16:08:46 +00:00			`# we do a conditional import here to avoid loading these if BH isn't enabled`
			`from neo4j import GraphDatabase`
			`from neo4j.exceptions import AuthError, ServiceUnavailable`

convert format() to f-string, update single quote to double, and some PEP8 fixes 2023-04-12 04:25:38 +00:00			`uri = f"bolt://{config.get('BloodHound', 'bh_uri')}:{config.get('BloodHound', 'bh_port')}"`
Add bloodhound core feature 2021-11-19 21:16:37 +00:00
black formating 2023-05-02 15:17:59 +00:00			`driver = GraphDatabase.driver(`
			`uri,`
			`auth=(`
			`config.get("BloodHound", "bh_user"),`
			`config.get("BloodHound", "bh_pass"),`
			`),`
			`encrypted=False,`
			`)`
Add bloodhound core feature 2021-11-19 21:16:37 +00:00			`try:`
Add computer accounts to bloodhound if local admin on host 2023-10-23 15:20:47 +00:00			`with driver.session().begin_transaction() as tx:`
ruff: add flake8-simplify (SIM) and auto-fix 2023-10-14 19:56:22 +00:00			`for info in users_owned:`
Changed to f-string, swapped single quote to double quotes 2023-10-30 14:38:52 +00:00			`distinguished_name = "".join([f"DC={dc}," for dc in info["domain"].split(".")]).rstrip(",")`
			`domain_query = tx.run(f"MATCH (d:Domain) WHERE d.distinguishedname STARTS WITH '{distinguished_name}' RETURN d").data()`
Improve bloodhound connector when adding users and using the NETBIOS name from the domain 2023-10-22 15:38:45 +00:00			`if not domain_query:`
			`raise Exception("Domain not found in bloodhound")`
			`else:`
			`domain = domain_query[0]["d"].get("name")`

ruff: add flake8-simplify (SIM) and auto-fix 2023-10-14 19:56:22 +00:00			`if info["username"][-1] == "$":`
Changed to f-string, swapped single quote to double quotes 2023-10-30 14:38:52 +00:00			`user_owned = f"{info['username'][:-1]}.{domain}"`
ruff: add flake8-simplify (SIM) and auto-fix 2023-10-14 19:56:22 +00:00			`account_type = "Computer"`
			`else:`
Changed to f-string, swapped single quote to double quotes 2023-10-30 14:38:52 +00:00			`user_owned = f"{info['username']}@{domain}"`
ruff: add flake8-simplify (SIM) and auto-fix 2023-10-14 19:56:22 +00:00			`account_type = "User"`
Set computer accounts as owned in BloodHound 2022-02-02 11:13:01 +00:00
Fix single quote 2023-10-30 17:38:10 +00:00			`result = tx.run(f"MATCH (c:{account_type} {{name:'{user_owned}'}}) RETURN c")`
Set computer accounts as owned in BloodHound 2022-02-02 11:13:01 +00:00
ruff: add flake8-simplify (SIM) and auto-fix 2023-10-14 19:56:22 +00:00			`if result.data()[0]["c"].get("owned") in (False, None):`
Changed to f-string, swapped single quote to double quotes 2023-10-30 14:38:52 +00:00			`logger.debug(f"MATCH (c:{account_type} {{name:'{user_owned}'}}) SET c.owned=True RETURN c.name AS name")`
			`result = tx.run(f"MATCH (c:{account_type} {{name:'{user_owned}'}}) SET c.owned=True RETURN c.name AS name")`
ruff: add flake8-simplify (SIM) and auto-fix 2023-10-14 19:56:22 +00:00			`logger.highlight(f"Node {user_owned} successfully set as owned in BloodHound")`
automatic ruff fixing 2023-09-20 15:59:16 +00:00			`except AuthError:`
use fail instead of error for bh 2023-05-10 20:18:07 +00:00			`logger.fail(f"Provided Neo4J credentials ({config.get('BloodHound', 'bh_user')}:{config.get('BloodHound', 'bh_pass')}) are not valid.")`
Add bloodhound core feature 2021-11-19 21:16:37 +00:00			`return`
automatic ruff fixing 2023-09-20 15:59:16 +00:00			`except ServiceUnavailable:`
use fail instead of error for bh 2023-05-10 20:18:07 +00:00			`logger.fail(f"Neo4J does not seem to be available on {uri}.")`
Add bloodhound core feature 2021-11-19 21:16:37 +00:00			`return`
fix exception handle and add TODO 2023-09-22 14:40:29 +00:00			`except Exception as e:`
Improve bloodhound connector when adding users and using the NETBIOS name from the domain 2023-10-22 15:38:45 +00:00			`if "Domain not found in bloodhound" in str(e):`
			`logger.fail("Neo4J Error: Domain not found in BloodHound. Please specify the FQDN ex:domain.local.")`
			`else:`
			`logger.fail(f"Unexpected error with Neo4J: {e}")`
			`logger.fail("Account not found on the domain")`
Add bloodhound core feature 2021-11-19 21:16:37 +00:00			`return`
black formating 2023-05-02 15:17:59 +00:00			`driver.close()`