chore: add some missing properties

SpecterOps · Jul 25, 2024 · ec07256 · ec07256
1 parent ba5420e
commit ec07256
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 7 deletions.
diff --git a/src/CommonLib/Enums/LDAPProperties.cs b/src/CommonLib/Enums/LDAPProperties.cs
@@ -79,5 +79,6 @@ public static class LDAPProperties
         public const string DnsRoot = "dnsroot";
         public const string ServerName = "servername";
         public const string OU = "ou";
+        public const string ProfilePath = "profilepath";
     }
 }
diff --git a/src/CommonLib/LdapQueries/CommonProperties.cs b/src/CommonLib/LdapQueries/CommonProperties.cs
@@ -88,5 +88,9 @@ public static class CommonProperties
             LDAPProperties.CertificateApplicationPolicy, LDAPProperties.CertificatePolicy, LDAPProperties.IssuancePolicies, LDAPProperties.CrossCertificatePair,
             LDAPProperties.ApplicationPolicies, LDAPProperties.PKIPrivateKeyFlag, LDAPProperties.OIDGroupLink
         };
+
+        public static readonly string[] StealthProperties = {
+            LDAPProperties.HomeDirectory, LDAPProperties.ScriptPath, LDAPProperties.ProfilePath
+        };
     }
 }
diff --git a/src/CommonLib/Processors/SPNProcessors.cs b/src/CommonLib/Processors/SPNProcessors.cs
@@ -17,25 +17,22 @@ public SPNProcessors(ILdapUtils utils, ILogger log = null) {
 
         public IAsyncEnumerable<SPNPrivilege> ReadSPNTargets(ResolvedSearchResult result,
             IDirectoryObject entry) {
-            if (entry.TryGetArrayProperty(LDAPProperties.ServicePrincipalNames, out var members) &&
-                entry.TryGetDistinguishedName(out var dn)) {
-                return ReadSPNTargets(members, dn, result.DisplayName);
+            if (entry.TryGetArrayProperty(LDAPProperties.ServicePrincipalNames, out var members)) {
+                return ReadSPNTargets(members, result.Domain, result.DisplayName);
             }
 
             return AsyncEnumerable.Empty<SPNPrivilege>();
         }
 
         public async IAsyncEnumerable<SPNPrivilege> ReadSPNTargets(string[] servicePrincipalNames,
-            string distinguishedName, string objectName = "") {
+            string domainName, string objectName = "") {
             if (servicePrincipalNames.Length == 0) {
                 _log.LogTrace("SPN Array is empty for {Name}", objectName);
                 yield break;
             }
 
             _log.LogDebug("Processing SPN targets for {ObjectName}", objectName);
 
-            var domain = Helpers.DistinguishedNameToDomain(distinguishedName);
-
             foreach (var spn in servicePrincipalNames) {
                 //This SPN format isn't useful for us right now (username@domain)
                 if (spn.Contains("@")) {
@@ -53,7 +50,7 @@ public async IAsyncEnumerable<SPNPrivilege> ReadSPNTargets(string[] servicePrinc
                         if (!int.TryParse(spn.Split(':')[1], out port))
                             port = 1433;
 
-                    if (await _utils.ResolveHostToSid(spn, domain) is (true, var host) && host.StartsWith("S-1")) {
+                    if (await _utils.ResolveHostToSid(spn, domainName) is (true, var host) && host.StartsWith("S-1")) {
                         _log.LogTrace("Resolved {SPN} to {Hostname}", spn, host);
                         yield return new SPNPrivilege {
                             ComputerSID = host,