Improve parsing of target domain SID for domain trusts

coffeegist · Jan 22, 2025 · 3000d16 · 3000d16
1 parent bf8f0c5
commit 3000d16
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 25 deletions.
diff --git a/bofhound/ad/adds.py b/bofhound/ad/adds.py
@@ -142,18 +142,6 @@ def import_objects(self, objects):
                 # grab domain trusts
                 elif 'trustedDomain' in object_class:
                     bhObject = BloodHoundDomainTrust(object)
-
-                    # try to find if this domain is new or not
-                    needs_temp_sid = True
-                    for trust in self.trusts:
-                        if trust.TrustProperties['TargetDomainName'].upper() == bhObject.TrustProperties['TargetDomainName'].upper():
-                            bhObject.TrustProperties['TargetDomainSid'] = trust.TrustProperties['TargetDomainSid']
-                            needs_temp_sid = False
-
-                    # set a temporary sid if new trusted domain
-                    if needs_temp_sid:
-                        bhObject.set_temporary_sid(len(self.trusts))
-
                     target_list = self.trusts
                 # grab OUs
                 elif 'top, organizationalUnit' in object_class:

diff --git a/bofhound/ad/models/bloodhound_domaintrust.py b/bofhound/ad/models/bloodhound_domaintrust.py
@@ -3,6 +3,7 @@
 from bloodhound.ad.utils import ADUtils
 from bloodhound.ad.trusts import ADDomainTrust
 from bofhound.ad.helpers import TrustType, TrustDirection
+from impacket.ldap.ldaptypes import LDAP_SID
 import logging
 
 class BloodHoundDomainTrust(object):
@@ -23,27 +24,19 @@ def __init__(self, object):
         self.TrustProperties = None
 
         if 'distinguishedname' in object.keys() and 'trustpartner' in object.keys() and \
-            'trustdirection' in object.keys() and 'trusttype' in object.keys() and 'trustattributes' in object.keys():
+            'trustdirection' in object.keys() and 'trusttype' in object.keys() and 'trustattributes' in object.keys() and \
+            'securityidentifier' in object.keys():
 
             self.LocalDomainDn = BloodHoundObject.get_domain_component(object.get('distinguishedname')).upper()
             trust_partner = object.get('trustpartner').upper()
             domain = ADUtils.ldap2domain(object.get('distinguishedname')).upper()
             logging.debug(f'Reading trust relationship between {ColorScheme.domain}{domain}[/] and {ColorScheme.domain}{trust_partner}[/]', extra=OBJ_EXTRA_FMT)
-            trust = ADDomainTrust(trust_partner, int(object.get('trustdirection')), object.get('trusttype'), int(object.get('trustattributes')), '')
+            domainsid = LDAP_SID()
+            domainsid.fromCanonical(object.get('securityidentifier'))
+            trust = ADDomainTrust(trust_partner, int(object.get('trustdirection')), object.get('trusttype'), int(object.get('trustattributes')), domainsid.getData())
             self.TrustProperties = trust.to_output()
 
             # BHCE now wants trusttype and direction defined as string names instead of int values
 
             self.TrustProperties['TrustDirection'] = TrustDirection(self.TrustProperties['TrustDirection']).name
             self.TrustProperties['TrustType'] = TrustType(self.TrustProperties['TrustType']).name
-
-    # Leaving the sid property blank, or setting it to a static value causes 
-    # BloodHound to improperly display trusts. Each trusted domain seems to 
-    # require a unique SID
-    def set_temporary_sid(self, indx):
-        self.TrustProperties['TargetDomainSid'] = f'S-1-5-21-{indx}'
-
-
-
-
-