Skip to content

Commit

Permalink
add lapsv2 support
Browse files Browse the repository at this point in the history
  • Loading branch information
dadevel committed Jun 22, 2024
1 parent 15d4697 commit 4a2b6eb
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 7 deletions.
2 changes: 1 addition & 1 deletion bloodhound/ad/computer.py
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ def get_bloodhound_data(self, entry, collect, skip_acl=False):
props['samaccountname'] = ADUtils.get_entry_property(entry, 'sAMAccountName')

if 'objectprops' in collect or 'acl' in collect:
props['haslaps'] = ADUtils.get_entry_property(entry, 'ms-mcs-admpwdexpirationtime', 0) != 0
props['haslaps'] = bool(ADUtils.get_entry_property(entry, 'ms-mcs-admpwdexpirationtime', 0) or ADUtils.get_entry_property(entry, 'mslaps-passwordexpirationtime', 0))

if 'objectprops' in collect:
props['lastlogon'] = ADUtils.win_timestamp_to_unix(
Expand Down
16 changes: 12 additions & 4 deletions bloodhound/ad/domain.py
Original file line number Diff line number Diff line change
Expand Up @@ -271,6 +271,9 @@ def get_objecttype(self):
if 'ms-mcs-admpwdexpirationtime' in self.objecttype_guid_map:
logging.debug('Found LAPS attributes in schema')
self.ad.has_laps = True
elif 'ms-laps-passwordexpirationtime' in self.objecttype_guid_map:
logging.debug('Found LAPSv2 attributes in schema')
self.ad.has_lapsv2 = True
else:
logging.debug('No LAPS attributes found in schema')

Expand Down Expand Up @@ -484,12 +487,15 @@ def get_computers(self, include_properties=False, acl=False):
properties.append('msDS-AllowedToActOnBehalfOfOtherIdentity')
if self.ad.has_laps:
properties.append('ms-mcs-admpwdexpirationtime')
if self.ad.has_lapsv2:
properties.append('mslaps-passwordexpirationtime')
if acl:
# Also collect LAPS expiration time since this matters for reporting (no LAPS = no ACL reported)
if self.ad.has_laps:
properties += ['nTSecurityDescriptor', 'ms-mcs-admpwdexpirationtime']
else:
properties.append('nTSecurityDescriptor')
properties.append('ms-mcs-admpwdexpirationtime')
if self.ad.has_lapsv2:
properties.append('mslaps-passwordexpirationtime')
properties.append('nTSecurityDescriptor')

# Exclude MSA only if server supports it
if 'msDS-GroupManagedServiceAccount' in self.ldap.server.schema.object_classes:
Expand Down Expand Up @@ -559,7 +565,7 @@ def get_childobjects(self, dn, use_resolver=True):
search_base=dn,
search_scope=LEVEL,
use_resolver=use_resolver)

return entries

def get_trusts(self):
Expand Down Expand Up @@ -635,6 +641,8 @@ def __init__(self, domain=None, auth=None, nameserver=None, dns_tcp=False, dns_t
self.num_domains = 1
# Does the schema have laps properties
self.has_laps = False
# Does the schema have lapsv2 properties
self.has_lapsv2 = False
# Does the schema have msDS-KeyCredentialLink
self.has_keycredlink = False
if domain is not None:
Expand Down
4 changes: 2 additions & 2 deletions bloodhound/enumeration/acls.py
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ def parse_binary_acl(entry, entrytype, acl, objecttype_guid_map):
if entrytype == 'computer' and \
ace_object.acedata.has_flag(ACCESS_ALLOWED_OBJECT_ACE.ACE_OBJECT_TYPE_PRESENT) and \
entry['Properties']['haslaps']:
if ace_object.acedata.get_object_type().lower() == objecttype_guid_map['ms-mcs-admpwd']:
if ace_object.acedata.get_object_type().lower() in (objecttype_guid_map.get('ms-mcs-admpwd'), objecttype_guid_map.get('mslaps-password')):
relations.append(build_relation(sid, 'ReadLAPSPassword', inherited=is_inherited))

# Extended rights
Expand Down Expand Up @@ -192,7 +192,7 @@ def parse_binary_acl(entry, entrytype, acl, objecttype_guid_map):
if not ace_object.has_flag(ACE.INHERITED_ACE) and ace_object.has_flag(ACE.INHERIT_ONLY_ACE):
# ACE is set on this object, but only inherited, so not applicable to us
continue

if mask.has_priv(ACCESS_MASK.GENERIC_ALL):
# Generic all includes all other rights, so skip from here
relations.append(build_relation(sid, 'GenericAll', inherited=is_inherited))
Expand Down

0 comments on commit 4a2b6eb

Please sign in to comment.