From 78c7960daba17016139e6160368aefa7f3c41749 Mon Sep 17 00:00:00 2001
From: Tw1sm
Date: Tue, 26 Nov 2024 17:24:31 -0500
Subject: [PATCH] help with sid parsing

---
 bofhound/ad/models/bloodhound_domain.py |  2 +-
 bofhound/ad/models/bloodhound_group.py  |  6 +++---
 bofhound/ad/models/bloodhound_object.py | 10 +++++++++-
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/bofhound/ad/models/bloodhound_domain.py b/bofhound/ad/models/bloodhound_domain.py
index 4f05b69..9b69025 100644
--- a/bofhound/ad/models/bloodhound_domain.py
+++ b/bofhound/ad/models/bloodhound_domain.py
@@ -36,7 +36,7 @@ def __init__(self, object):
         dc = BloodHoundObject.get_domain_component(object.get('distinguishedname').upper())
         logging.debug(f"Reading Domain object {ColorScheme.domain}{self.Properties['name']}[/]", extra=OBJ_EXTRA_FMT)
 
-        if 'objectsid' in object.keys():
+        if self.ObjectIdentifier:
             self.Properties["domainsid"] = object.get('objectsid')
 
         if 'distinguishedname' in object.keys():
diff --git a/bofhound/ad/models/bloodhound_group.py b/bofhound/ad/models/bloodhound_group.py
index 1efcc9d..e2c07e2 100644
--- a/bofhound/ad/models/bloodhound_group.py
+++ b/bofhound/ad/models/bloodhound_group.py
@@ -37,9 +37,9 @@ def __init__(self, object):
 
         if 'objectsid' in object.keys():
             #objectid = BloodHoundObject.get_sid(object.get('objectsid', None), object.get('distinguishedname', None))
-            objectid = object.get('objectsid')
-            self.ObjectIdentifier = objectid
-            self.Properties["domainsid"] = objectid.rsplit('-',1)[0]
+            #objectid = object.get('objectsid')
+            #self.ObjectIdentifier = objectid
+            self.Properties["domainsid"] = self.ObjectIdentifier.rsplit('-',1)[0]
 
 
         if 'distinguishedname' in object.keys():
diff --git a/bofhound/ad/models/bloodhound_object.py b/bofhound/ad/models/bloodhound_object.py
index faddce2..864e3db 100644
--- a/bofhound/ad/models/bloodhound_object.py
+++ b/bofhound/ad/models/bloodhound_object.py
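Review bot: The new guard `if self.ObjectIdentifier:` in bloodhound_domain.py tests the parsed identifier, but the assignment beneath it still stores the raw `object.get('objectsid')`, so for the base64-encoded input this commit is meant to support, `domainsid` receives the still-encoded value while ObjectIdentifier holds the decoded SID; and if the identifier can be set without an objectsid key (get_sid is outside this hunk, so I cannot tell), `domainsid` becomes None. Using the already-parsed value keeps the two consistent: `self.Properties["domainsid"] = self.ObjectIdentifier`. ObjectIdentifier is presumably assigned by the base-class __init__ before this point; the rest of this __init__ is outside the hunk.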
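Review bot: In bloodhound_group.py, `self.ObjectIdentifier.rsplit('-',1)[0]` is guarded by `'objectsid' in object.keys()` rather than by the identifier being set, so if the base-class parsing leaves ObjectIdentifier as None for an objectsid it cannot decode, the group constructor raises AttributeError instead of skipping the property. Guarding on the parsed value, as bloodhound_domain.py does in this same commit, avoids that: `if self.ObjectIdentifier:`. The two newly commented-out assignments (`#objectid = object.get('objectsid')`, `#self.ObjectIdentifier = objectid`) are dead code and should be deleted rather than left beside the existing commented call. The enclosing __init__ continues outside the hunk.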
@@ -4,6 +4,7 @@
 import base64
 from asn1crypto import x509
 from datetime import datetime
+from ldap3.protocol.formatters.formatters import format_sid
 from bloodhound.enumeration.acls import SecurityDescriptor, ACL, ACCESS_ALLOWED_ACE, ACCESS_MASK, ACE, ACCESS_ALLOWED_OBJECT_ACE, has_extended_right, EXTRIGHTS_GUID_MAPPING, can_write_property, ace_applies
 from bloodhound.ad.utils import ADUtils
 from bofhound.logger import OBJ_EXTRA_FMT, ColorScheme
@@ -35,7 +36,14 @@ def __init__(self, object=None):
         for item in object.keys():
             self.Properties[item.lower()] = object[item]
 
-        self.ObjectIdentifier = BloodHoundObject.get_sid(object.get('objectsid', None), object.get('distinguishedname', None))
+        try:
+            # shadowhound doesn't parse SIDs out, they're still base64'd so check to see if we have b64 data
+            sid = format_sid(base64.b64decode(object.get('objectsid', None)))
+            self.ObjectIdentifier = BloodHoundObject.get_sid(sid, object.get('distinguishedname', None))
+            print(self.ObjectIdentifier)
+        except:
+            # not base64 data, so normal workflow
+            self.ObjectIdentifier = BloodHoundObject.get_sid(object.get('objectsid', None), object.get('distinguishedname', None))
 
         if 'distinguishedname' in object.keys():
             self.Properties["distinguishedname"] = object.get('distinguishedname', None).upper()
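Review bot: The bare `except:` around the new base64 path does not detect the case it is meant to detect: `base64.b64decode` is called without `validate=True`, so for an already-parsed `S-1-5-...` string it silently discards the `-` characters and, whenever the remaining characters happen to pad out, decodes the text into meaningless bytes that format_sid may render as a bogus SID (ldap3's formatter appears to fall back to returning its input rather than raising — worth confirming); the fallback branch is only reached when the string length happens not to pad, and the bare except also swallows KeyboardInterrupt and the TypeError from a missing objectsid. Because domainsid in the domain and group changes of this same commit is derived from ObjectIdentifier, a bogus value would be written into the graph with no error. The debug `print(self.ObjectIdentifier)` also goes to stdout, where the rest of the file uses logging, and should be removed. I would decide up front whether the value already looks like a SID, decode strictly, and catch only ValueError (binascii.Error is a subclass), keeping one get_sid call; if objectsid can arrive here as bytes rather than str, the guard needs a bytes branch as well. __init__ continues outside the hunk.
```python
        raw_sid = object.get('objectsid', None)
        # shadowhound doesn't parse SIDs out, they're still base64'd; a parsed SID already starts with 'S-1-'
        if raw_sid and not str(raw_sid).startswith('S-1-'):
            try:
                raw_sid = format_sid(base64.b64decode(raw_sid, validate=True))
            except ValueError:
                pass  # not base64 data, so normal workflow with the raw value
        self.ObjectIdentifier = BloodHoundObject.get_sid(raw_sid, object.get('distinguishedname', None))
        # … unchanged: distinguishedname handling …
```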