Fix #10 - ContainedBy Property Bug (#11)

* set containedby to empty dict by default for output JSON * add table for blog links * version & changelog
coffeegist · Dec 17, 2024 · 243aa0b · 243aa0b
1 parent ed52915
commit 243aa0b
Show file tree

Hide file tree

Showing 17 changed files with 32 additions and 24 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
-## [0.4] - 10/20/2024
+## [0.4.1] - 10/22/2024
+### Fixed
+- Addressed [#10](https://github.com/coffeegist/bofhound/issues/10), an issue with the `ContainedBy` attribute in output JSON
+
+## [0.4.0] - 10/20/2024
 ### Added
 - Models for ADCS objects and abuse
     - AIACAs

diff --git a/README.md b/README.md
@@ -21,13 +21,13 @@ By parsing log files generated by the aforementioned tools, BOFHound allows oper
 
 Check this [PR](https://github.com/trustedsec/CS-Situational-Awareness-BOF/pull/114) to the SA BOF repo for BOFs that collect session and local group membership data and can be parsed by BOFHound.
 
-### Related Blogs
+### Blog Posts
 
-[Blog - Granularize Your AD Recon Game](https://www.fortalicesolutions.com/posts/bofhound-granularize-your-active-directory-reconnaissance-game)
-
-[Blog - Granularize Your AD Recon Game Part 2](https://www.fortalicesolutions.com/posts/granularize-your-active-directory-reconnaissance-game-part-2)
-
-[Blog - BOFHound: Session Integration](https://posts.specterops.io/bofhound-session-integration-7b88b6f18423)
+| Title                                                                                                                                                            | Date         |
+|------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|
+| [*BOFHound: Session Integration*](https://posts.specterops.io/bofhound-session-integration-7b88b6f18423) | Jan 30, 2024 |
+| [*Granularize Your AD Recon Game Part 2*](https://www.fortalicesolutions.com/posts/granularize-your-active-directory-reconnaissance-game-part-2) | Jun 15, 2022 |
+| [*Granularize Your AD Recon Game*](https://www.fortalicesolutions.com/posts/bofhound-granularize-your-active-directory-reconnaissance-game) | May 10, 2022  |
 
 # Installation
 BOFHound can be installed with `pip3 install bofhound` or by cloning this repository and running `pip3 install .`

diff --git a/bofhound/ad/adds.py b/bofhound/ad/adds.py
@@ -246,15 +246,17 @@ def build_relation(self, object, sid, relation, acetype='', inherited=False):
         return {'RightName': relation, 'PrincipalSID': PrincipalSid, 'IsInherited': inherited, 'PrincipalType': PrincipalType }
 
     def calculate_contained(self, object):
+
         if object._entry_type == "Domain":
-            object.ContainedBy = None
             return
+
         dn = object.Properties['distinguishedname']
         start = dn.find(',') + 1
         contained_dn = dn[start:]
         start_contained = contained_dn[0:2]
         type_contained = ""
         id_contained = None
+
         match start_contained:
             case "CN":
                 if contained_dn.startswith("CN=BUILTIN"):
@@ -287,12 +289,14 @@ def calculate_contained(self, object):
                     if domain.Properties["distinguishedname"] == contained_dn:
                         id_contained = domain.ObjectIdentifier
             case _:
-                object.ContainedBy = None
                 return
 
         if type_contained == "":
-            object.ContainedBy = None
+            return
         else:
+            # 
+            # We've identified the containing object, set prop on the contained object
+            #
             object.ContainedBy = {"ObjectIdentifier":id_contained, "ObjectType":type_contained}
 
 

diff --git a/bofhound/ad/models/bloodhound_aiaca.py b/bofhound/ad/models/bloodhound_aiaca.py
@@ -20,7 +20,7 @@ def __init__(self, object):
         super().__init__(object)
 
         self._entry_type = "AIACA"
-        self.ContainedBy = []
+        self.ContainedBy = {}
         self.IsACLProtected = False
         self.IsDeleted = False
         self.x509Certificate = None

diff --git a/bofhound/ad/models/bloodhound_certtemplate.py b/bofhound/ad/models/bloodhound_certtemplate.py
@@ -27,7 +27,7 @@ def __init__(self, object):
 
         self._entry_type = "PKI Template"
         self.GPLinks = []
-        self.ContainedBy = []
+        self.ContainedBy = {}
         self.IsACLProtected = False
         self.cas_ids = []
 

diff --git a/bofhound/ad/models/bloodhound_computer.py b/bofhound/ad/models/bloodhound_computer.py
@@ -46,7 +46,7 @@ def __init__(self, object):
         self.AllowedToDelegate = []
         self.MemberOfDNs = []
         self.sessions = []
-        self.ContainedBy = []
+        self.ContainedBy = {}
         self.privileged_sessions = []
         self.registry_sessions = []
         self.local_group_members = {} # {group_name: [{member_sid, member_type}]}

diff --git a/bofhound/ad/models/bloodhound_container.py b/bofhound/ad/models/bloodhound_container.py
@@ -16,7 +16,7 @@ def __init__(self, object):
         super().__init__(object)
 
         self._entry_type = "Container"
-        self.ContainedBy = []
+        self.ContainedBy = {}
         self.Properties["blocksinheritance"] = False
 
         if 'objectguid' in object.keys():

diff --git a/bofhound/ad/models/bloodhound_domain.py b/bofhound/ad/models/bloodhound_domain.py
@@ -19,7 +19,7 @@ def __init__(self, object):
 
         self._entry_type = "Domain"
         self.GPLinks = []
-        self.ContainedBy = []
+        self.ContainedBy = {}
         level_id = object.get('msds-behavior-version', 0)
         try:
             functional_level = ADUtils.FUNCTIONAL_LEVELS[int(level_id)]

diff --git a/bofhound/ad/models/bloodhound_enterpriseca.py b/bofhound/ad/models/bloodhound_enterpriseca.py
@@ -23,7 +23,7 @@ def __init__(self, object):
 
         self._entry_type = "EnterpriseCA"
         self.IsDeleted = False
-        self.ContainedBy = []
+        self.ContainedBy = {}
         self.IsACLProtected = False
         self.Properties['casecuritycollected'] = False
         self.Properties['enrollmentagentrestrictionscollected'] = False

diff --git a/bofhound/ad/models/bloodhound_gpo.py b/bofhound/ad/models/bloodhound_gpo.py
@@ -18,7 +18,7 @@ def __init__(self, object):
         super().__init__(object)
 
         self._entry_type = "GPO"
-        self.ContainedBy = []
+        self.ContainedBy = {}
 
         if 'distinguishedname' in object.keys() and 'displayname' in object.keys():
             self.Properties["domain"] = ADUtils.ldap2domain(object.get('distinguishedname').upper())

diff --git a/bofhound/ad/models/bloodhound_group.py b/bofhound/ad/models/bloodhound_group.py
@@ -21,7 +21,7 @@ def __init__(self, object):
         self._entry_type = "Group"
         self.Members = []
         self.Aces = []
-        self.ContainedBy = []
+        self.ContainedBy = {}
         self.IsDeleted = False
         self.IsACLProtected = False
         self.MemberDNs = []

diff --git a/bofhound/ad/models/bloodhound_issuancepolicy.py b/bofhound/ad/models/bloodhound_issuancepolicy.py
@@ -22,7 +22,7 @@ def __init__(self, object):
 
         self._entry_type = "IssuancePolicy"
         self.IsDeleted = False
-        self.ContainedBy = []
+        self.ContainedBy = {}
         self.IsACLProtected = False
         self.GroupLink = None # {}
 

diff --git a/bofhound/ad/models/bloodhound_ntauthstore.py b/bofhound/ad/models/bloodhound_ntauthstore.py
@@ -22,7 +22,7 @@ def __init__(self, object):
 
         self._entry_type = "NTAuthStore"
         self.IsDeleted = False
-        self.ContainedBy = []
+        self.ContainedBy = {}
         self.IsACLProtected = False
 
         self.Properties['certthumbprints'] = []

diff --git a/bofhound/ad/models/bloodhound_ou.py b/bofhound/ad/models/bloodhound_ou.py
@@ -19,7 +19,7 @@ def __init__(self, object):
 
         self._entry_type = "OU"
         self.GPLinks = []
-        self.ContainedBy = []
+        self.ContainedBy = {}
         self.Properties["blocksinheritance"] = False
 
         if 'distinguishedname' in object.keys() and 'ou' in object.keys():

diff --git a/bofhound/ad/models/bloodhound_rootca.py b/bofhound/ad/models/bloodhound_rootca.py
@@ -19,7 +19,7 @@ def __init__(self, object):
         super().__init__(object)
 
         self._entry_type = "RootCA"
-        self.ContainedBy = []
+        self.ContainedBy = {}
         self.IsACLProtected = False
         self.IsDeleted = False
         self.x509Certificate = None

diff --git a/bofhound/ad/models/bloodhound_user.py b/bofhound/ad/models/bloodhound_user.py
@@ -31,7 +31,7 @@ def __init__(self, object=None):
         self.PrimaryGroupSid = None
         self.AllowedToDelegate = []
         self.Aces = []
-        self.ContainedBy = []
+        self.ContainedBy = {}
         self.SPNTargets = []
         self.HasSIDHistory = []
         self.IsACLProtected = False

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "bofhound"
-version = "0.4.0"
+version = "0.4.1"
 description = "Parse output from common sources and transform it into BloodHound-ingestible data"
 authors = [
 	"Adam Brown",