diff --git a/src/CommonLib/Processors/CertAbuseProcessor.cs b/src/CommonLib/Processors/CertAbuseProcessor.cs index e9593bea..066965b5 100644 --- a/src/CommonLib/Processors/CertAbuseProcessor.cs +++ b/src/CommonLib/Processors/CertAbuseProcessor.cs @@ -10,6 +10,7 @@ using SharpHoundCommonLib.OutputTypes; using SharpHoundRPC; using SharpHoundRPC.Wrappers; +using Encoder = Microsoft.Security.Application.Encoder; namespace SharpHoundCommonLib.Processors { @@ -174,7 +175,7 @@ public IEnumerable ProcessCertTemplates(string[] templates, stri var certTemplatesLocation = _utils.BuildLdapPath(DirectoryPaths.CertTemplateLocation, domainName); foreach (var templateCN in templates) { - var res = _utils.ResolveCertTemplateByProperty(templateCN, LDAPProperties.CanonicalName, certTemplatesLocation, domainName); + var res = _utils.ResolveCertTemplateByProperty(Encoder.LdapFilterEncode(templateCN), LDAPProperties.CanonicalName, certTemplatesLocation, domainName); yield return res; } } @@ -429,7 +430,7 @@ public EnrollmentAgentRestriction(QualifiedAce ace, string computerDomain, strin var template = Encoding.Unicode.GetString(opaque, index, opaque.Length - index - 2).Replace("\u0000", string.Empty); // Attempt to resolve the cert template by CN - Template = certAbuseProcessor._utils.ResolveCertTemplateByProperty(template, LDAPProperties.CanonicalName, certTemplatesLocation, computerDomain); + Template = certAbuseProcessor._utils.ResolveCertTemplateByProperty(Encoder.LdapFilterEncode(template), LDAPProperties.CanonicalName, certTemplatesLocation, computerDomain); // Attempt to resolve the cert template by OID if (Template == null) diff --git a/src/CommonLib/SharpHoundCommonLib.csproj b/src/CommonLib/SharpHoundCommonLib.csproj index 84daaadc..4a8e8a85 100644 --- a/src/CommonLib/SharpHoundCommonLib.csproj +++ b/src/CommonLib/SharpHoundCommonLib.csproj @@ -18,6 +18,7 @@ full +