Merge pull request #88 from Pennyw0rth/neff-neo4j
Improve bloodhound connector with Netbios domain namemain
Alex
GitHub
commit
e046a67775
|
|
@ -30,7 +30,7 @@ If applicable, add screenshots to help explain your problem.
|
|||
|
||||
**NetExec info**
|
||||
- OS: [e.g. Kali]
|
||||
- Version of nxc [e.g. v1.5.2]
|
||||
- Version of nxc: [e.g. v1.5.2]
|
||||
- Installed from: apt/github/pip/docker/...? Please try with latest release before openning an issue
|
||||
|
||||
**Additional context**
|
||||
|
|
|
|||
|
|
@ -395,10 +395,6 @@ class connection:
|
|||
return False
|
||||
if self.args.continue_on_success and owned:
|
||||
return False
|
||||
# Enforcing FQDN for SMB if not using local authentication. Related issues/PRs: #26, #28, #24, #38
|
||||
if self.args.protocol == "smb" and not self.args.local_auth and "." not in domain and not self.args.laps and secret != "" and self.domain.upper() != self.hostname.upper():
|
||||
self.logger.error(f"Domain {domain} for user {username.rstrip()} need to be FQDN ex:domain.local, not domain")
|
||||
return False
|
||||
if hasattr(self.args, "delegate") and self.args.delegate:
|
||||
self.args.kerberos = True
|
||||
with sem:
|
||||
|
|
|
|||
|
|
@ -43,18 +43,26 @@ def add_user_bh(user, domain, logger, config):
|
|||
try:
|
||||
with driver.session() as session, session.begin_transaction() as tx:
|
||||
for info in users_owned:
|
||||
distinguished_name = "".join([f"DC={dc}," for dc in info["domain"].split(".")]).rstrip(",")
|
||||
domain_query = tx.run(f"MATCH (d:Domain) WHERE d.distinguishedname STARTS WITH '{distinguished_name}' RETURN d").data()
|
||||
if not domain_query:
|
||||
raise Exception("Domain not found in bloodhound")
|
||||
else:
|
||||
domain = domain_query[0]["d"].get("name")
|
||||
|
||||
if info["username"][-1] == "$":
|
||||
user_owned = info["username"][:-1] + "." + info["domain"]
|
||||
user_owned = f"{info['username'][:-1]}.{domain}"
|
||||
account_type = "Computer"
|
||||
else:
|
||||
user_owned = info["username"] + "@" + info["domain"]
|
||||
user_owned = f"{info['username']}@{domain}"
|
||||
account_type = "User"
|
||||
|
||||
result = tx.run(f'MATCH (c:{account_type} {{name:"{user_owned}"}}) RETURN c')
|
||||
|
||||
result = tx.run(f"MATCH (c:{account_type} {{name:'{user_owned}'}}) RETURN c")
|
||||
|
||||
if result.data()[0]["c"].get("owned") in (False, None):
|
||||
logger.debug(f'MATCH (c:{account_type} {{name:"{user_owned}"}}) SET c.owned=True RETURN c.name AS name')
|
||||
result = tx.run(f'MATCH (c:{account_type} {{name:"{user_owned}"}}) SET c.owned=True RETURN c.name AS name')
|
||||
logger.debug(f"MATCH (c:{account_type} {{name:'{user_owned}'}}) SET c.owned=True RETURN c.name AS name")
|
||||
result = tx.run(f"MATCH (c:{account_type} {{name:'{user_owned}'}}) SET c.owned=True RETURN c.name AS name")
|
||||
logger.highlight(f"Node {user_owned} successfully set as owned in BloodHound")
|
||||
except AuthError:
|
||||
logger.fail(f"Provided Neo4J credentials ({config.get('BloodHound', 'bh_user')}:{config.get('BloodHound', 'bh_pass')}) are not valid.")
|
||||
|
|
@ -63,7 +71,10 @@ def add_user_bh(user, domain, logger, config):
|
|||
logger.fail(f"Neo4J does not seem to be available on {uri}.")
|
||||
return
|
||||
except Exception as e:
|
||||
logger.fail(f"Unexpected error with Neo4J: {e}")
|
||||
logger.fail("Account not found on the domain")
|
||||
if "Domain not found in bloodhound" in str(e):
|
||||
logger.fail("Neo4J Error: Domain not found in BloodHound. Please specify the FQDN ex:domain.local.")
|
||||
else:
|
||||
logger.fail(f"Unexpected error with Neo4J: {e}")
|
||||
logger.fail("Account not found on the domain")
|
||||
return
|
||||
driver.close()
|
||||
|
|
|
|||
Loading…
Reference in New Issue