help with sid parsing

coffeegist · Nov 26, 2024 · 78c7960 · 78c7960
1 parent ddc2b45
commit 78c7960
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/bofhound/ad/models/bloodhound_domain.py b/bofhound/ad/models/bloodhound_domain.py
@@ -36,7 +36,7 @@ def __init__(self, object):
             dc = BloodHoundObject.get_domain_component(object.get('distinguishedname').upper())
             logging.debug(f"Reading Domain object {ColorScheme.domain}{self.Properties['name']}[/]", extra=OBJ_EXTRA_FMT)
 
-        if 'objectsid' in object.keys():
+        if self.ObjectIdentifier:
             self.Properties["domainsid"] = object.get('objectsid')
 
         if 'distinguishedname' in object.keys():

diff --git a/bofhound/ad/models/bloodhound_group.py b/bofhound/ad/models/bloodhound_group.py
@@ -37,9 +37,9 @@ def __init__(self, object):
 
         if 'objectsid' in object.keys():
             #objectid = BloodHoundObject.get_sid(object.get('objectsid', None), object.get('distinguishedname', None))
-            objectid = object.get('objectsid')
-            self.ObjectIdentifier = objectid
-            self.Properties["domainsid"] = objectid.rsplit('-',1)[0]
+            #objectid = object.get('objectsid')
+            #self.ObjectIdentifier = objectid
+            self.Properties["domainsid"] = self.ObjectIdentifier.rsplit('-',1)[0]
 
 
         if 'distinguishedname' in object.keys():

diff --git a/bofhound/ad/models/bloodhound_object.py b/bofhound/ad/models/bloodhound_object.py
@@ -4,6 +4,7 @@
 import base64
 from asn1crypto import x509
 from datetime import datetime
+from ldap3.protocol.formatters.formatters import format_sid
 from bloodhound.enumeration.acls import SecurityDescriptor, ACL, ACCESS_ALLOWED_ACE, ACCESS_MASK, ACE, ACCESS_ALLOWED_OBJECT_ACE, has_extended_right, EXTRIGHTS_GUID_MAPPING, can_write_property, ace_applies
 from bloodhound.ad.utils import ADUtils
 from bofhound.logger import OBJ_EXTRA_FMT, ColorScheme
@@ -35,7 +36,14 @@ def __init__(self, object=None):
             for item in object.keys():
                 self.Properties[item.lower()] = object[item]
 
-            self.ObjectIdentifier = BloodHoundObject.get_sid(object.get('objectsid', None), object.get('distinguishedname', None))
+            try:
+                # shadowhound doesn't parse SIDs out, they're still base64'd so check to see if we have b64 data
+                sid = format_sid(base64.b64decode(object.get('objectsid', None)))
+                self.ObjectIdentifier = BloodHoundObject.get_sid(sid, object.get('distinguishedname', None))
+                print(self.ObjectIdentifier)
+            except:
+                # not base64 data, so normal workflow
+                self.ObjectIdentifier = BloodHoundObject.get_sid(object.get('objectsid', None), object.get('distinguishedname', None))
 
             if 'distinguishedname' in object.keys():
                 self.Properties["distinguishedname"] = object.get('distinguishedname', None).upper()