From ec0725650e7a9a048a80034c50a9a2d8b80c0622 Mon Sep 17 00:00:00 2001
From: rvazarkar
Date: Thu, 25 Jul 2024 14:03:25 -0400
Subject: [PATCH] chore: add some missing properties
---
 src/CommonLib/Enums/LDAPProperties.cs | 1 +
 src/CommonLib/LdapQueries/CommonProperties.cs | 4 ++++
 src/CommonLib/Processors/SPNProcessors.cs | 11 ++++-------
 3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/CommonLib/Enums/LDAPProperties.cs b/src/CommonLib/Enums/LDAPProperties.cs
index 60212251..8b13359b 100644
--- a/src/CommonLib/Enums/LDAPProperties.cs
+++ b/src/CommonLib/Enums/LDAPProperties.cs
@@ -79,5 +79,6 @@ public static class LDAPProperties
 public const string DnsRoot = "dnsroot";
 public const string ServerName = "servername";
 public const string OU = "ou";
+ public const string ProfilePath = "profilepath";
 }
 }
diff --git a/src/CommonLib/LdapQueries/CommonProperties.cs b/src/CommonLib/LdapQueries/CommonProperties.cs
index 34661a00..54a59549 100644
--- a/src/CommonLib/LdapQueries/CommonProperties.cs
+++ b/src/CommonLib/LdapQueries/CommonProperties.cs
@@ -88,5 +88,9 @@ public static class CommonProperties
 LDAPProperties.CertificateApplicationPolicy, LDAPProperties.CertificatePolicy, LDAPProperties.IssuancePolicies, LDAPProperties.CrossCertificatePair, LDAPProperties.ApplicationPolicies, LDAPProperties.PKIPrivateKeyFlag, LDAPProperties.OIDGroupLink
 };
+
+ public static readonly string[] StealthProperties = {
+ LDAPProperties.HomeDirectory, LDAPProperties.ScriptPath, LDAPProperties.ProfilePath
+ };
 }
 }
\ No newline at end of file
diff --git a/src/CommonLib/Processors/SPNProcessors.cs b/src/CommonLib/Processors/SPNProcessors.cs
index 87661eab..b05221c2 100644
--- a/src/CommonLib/Processors/SPNProcessors.cs
+++ b/src/CommonLib/Processors/SPNProcessors.cs
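Review bot: StealthProperties in CommonProperties.cs is added with no comment saying what groups HomeDirectory, ScriptPath and ProfilePath together or which code path reads the array, so a reader has to locate the consumer to understand it; the name suggests a stealth collection mode, but nothing in this hunk shows that. A short XML summary above the field would close the gap, e.g. `/// <summary>Extra attributes requested alongside the standard property set; consumed by the stealth collection path (confirm against the caller).</summary>`. The three entries are all path-valued attributes, which is probably the shared trait worth naming in that comment if the consumer confirms it. The LDAPProperties.cs hunk only adds the matching constant and needs nothing further.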
@@ -17,16 +17,15 @@ public SPNProcessors(ILdapUtils utils, ILogger log = null) {
 public IAsyncEnumerable ReadSPNTargets(ResolvedSearchResult result, IDirectoryObject entry) {
- if (entry.TryGetArrayProperty(LDAPProperties.ServicePrincipalNames, out var members) &&
- entry.TryGetDistinguishedName(out var dn)) {
- return ReadSPNTargets(members, dn, result.DisplayName);
+ if (entry.TryGetArrayProperty(LDAPProperties.ServicePrincipalNames, out var members)) {
+ return ReadSPNTargets(members, result.Domain, result.DisplayName);
 }
 return AsyncEnumerable.Empty();
 }
 public async IAsyncEnumerable ReadSPNTargets(string[] servicePrincipalNames,
- string distinguishedName, string objectName = "") {
+ string domainName, string objectName = "") {
 if (servicePrincipalNames.Length == 0) {
 _log.LogTrace("SPN Array is empty for {Name}", objectName);
 yield break;
@@ -34,8 +33,6 @@ public async IAsyncEnumerable ReadSPNTargets(string[] servicePrinc
 _log.LogDebug("Processing SPN targets for {ObjectName}", objectName);
- var domain = Helpers.DistinguishedNameToDomain(distinguishedName);
-
 foreach (var spn in servicePrincipalNames) {
 //This SPN format isn't useful for us right now (username@domain)
 if (spn.Contains("@")) {
@@ -53,7 +50,7 @@ public async IAsyncEnumerable ReadSPNTargets(string[] servicePrinc
 if (!int.TryParse(spn.Split(':')[1], out port))
 port = 1433;
- if (await _utils.ResolveHostToSid(spn, domain) is (true, var host) && host.StartsWith("S-1")) {
+ if (await _utils.ResolveHostToSid(spn, domainName) is (true, var host) && host.StartsWith("S-1")) {
 _log.LogTrace("Resolved {SPN} to {Hostname}", spn, host);
 yield return new SPNPrivilege {
 ComputerSID = host,
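Review bot: The public async overload's second parameter changes meaning from a distinguished name to a domain name while keeping its position and type, so any external caller still passing a DN keeps compiling but now feeds that DN into `ResolveHostToSid` in the third hunk, and nothing in the first hunk guards against `result.Domain` being null or empty (whether it can be is not visible here) now that the old `TryGetDistinguishedName` condition no longer short-circuits to an empty sequence. I would add a guard beside the existing empty-array check in the async overload, `if (string.IsNullOrWhiteSpace(domainName)) { _log.LogTrace("No domain for {Name}, skipping SPN resolution", objectName); yield break; }`, and an XML `<param name="domainName">` comment stating that it is the domain name as carried in `ResolvedSearchResult.Domain`, not a distinguished name. Both ReadSPNTargets bodies continue outside these hunks.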