prep for CoerceToTGT

BloodHoundAD · Oct 16, 2024 · 9131970 · 9131970
1 parent 37ba516
commit 9131970
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/src/CommonLib/OutputTypes/Computer.cs b/src/CommonLib/OutputTypes/Computer.cs
@@ -20,6 +20,7 @@ public class Computer : OutputBase
         public DCRegistryData DCRegistryData { get; set; } = new();
         public ComputerStatus Status { get; set; }
         public bool IsDC { get; set; }
+        public bool UnconstrainedDelegation { get; set; }
         public string DomainSID { get; set; }
     }
 

diff --git a/src/CommonLib/OutputTypes/User.cs b/src/CommonLib/OutputTypes/User.cs
@@ -8,5 +8,7 @@ public class User : OutputBase
         public string PrimaryGroupSID { get; set; }
         public TypedPrincipal[] HasSIDHistory { get; set; } = Array.Empty<TypedPrincipal>();
         public SPNPrivilege[] SPNTargets { get; set; } = Array.Empty<SPNPrivilege>();
+        public bool UnconstrainedDelegation { get; set; }
+        public string DomainSID { get; set; }
     }
 }
diff --git a/src/CommonLib/Processors/LdapPropertyProcessor.cs b/src/CommonLib/Processors/LdapPropertyProcessor.cs
@@ -206,6 +206,8 @@ public async Task<UserProperties> ReadUserProperties(IDirectoryObject entry, str
             props.Add("passwordcantchange", uacFlags.HasFlag(UacFlags.PasswordCantChange));
             props.Add("passwordexpired", uacFlags.HasFlag(UacFlags.PasswordExpired));
 
+            userProps.UnconstrainedDelegation = uacFlags.HasFlag(UacFlags.TrustedForDelegation);
+
             var comps = new List<TypedPrincipal>();
             if (uacFlags.HasFlag(UacFlags.TrustedToAuthForDelegation) &&
                 entry.TryGetArrayProperty(LDAPProperties.AllowedToDelegateTo, out var delegates)) {
@@ -321,6 +323,8 @@ public async Task<ComputerProperties> ReadComputerProperties(IDirectoryObject en
             props.Add("lockedout", flags.HasFlag(UacFlags.Lockout));
             props.Add("passwordexpired", flags.HasFlag(UacFlags.PasswordExpired));
 
+            compProps.UnconstrainedDelegation = flags.HasFlag(UacFlags.TrustedForDelegation);
+
             var encryptionTypes = ConvertEncryptionTypes(entry.GetProperty(LDAPProperties.SupportedEncryptionTypes));
             props.Add("supportedencryptiontypes", encryptionTypes);
 
@@ -908,6 +912,7 @@ public class UserProperties {
         public Dictionary<string, object> Props { get; set; } = new();
         public TypedPrincipal[] AllowedToDelegate { get; set; } = Array.Empty<TypedPrincipal>();
         public TypedPrincipal[] SidHistory { get; set; } = Array.Empty<TypedPrincipal>();
+        public bool UnconstrainedDelegation { get; set; }
     }
 
     public class ComputerProperties {
@@ -916,6 +921,7 @@ public class ComputerProperties {
         public TypedPrincipal[] AllowedToAct { get; set; } = Array.Empty<TypedPrincipal>();
         public TypedPrincipal[] SidHistory { get; set; } = Array.Empty<TypedPrincipal>();
         public TypedPrincipal[] DumpSMSAPassword { get; set; } = Array.Empty<TypedPrincipal>();
+        public bool UnconstrainedDelegation { get; set; }
     }
 
     public class IssuancePolicyProperties {