Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No execution or admin rights are shown in UI #240

Closed
1 task
HanseSecure opened this issue Nov 23, 2023 · 5 comments
Closed
1 task

No execution or admin rights are shown in UI #240

HanseSecure opened this issue Nov 23, 2023 · 5 comments
Labels
bug Something isn't working ticketed Ticket has been created internally for tracking

Comments

@HanseSecure
Copy link

HanseSecure commented Nov 23, 2023
edited
Loading

Description:

In the Community Edition no execution or admin privilege permissions are shown.

Component(s) Affected:

  • UI

Steps to Reproduce:

Load the same sharphound data into the old and the new Bloodhound editions.

Expected Behavior:

Permissions are shown.

Actual Behavior:

No permssions are shown.

Screenshots/Code Snippets/Sample Files:

old UI
grafik

grafik

new UI

grafik

grafik

Environment Information:

BloodHound: 5.1.0

Collector: 2.0.0

OS: current Kali

Browser: Firefox ESR 91.5

Docker (if using Docker): 20.10
@HanseSecure HanseSecure added bug Something isn't working triage This issue requires triaging labels Nov 23, 2023
@StephenHinck
Copy link
Collaborator

You'll need to collect with SharpHound v2 for BHCE, while using SharpHound v1 for BloodHound Legacy - they use different schemas for the data outputs, specifically for local groups and privileges.

@StephenHinck StephenHinck closed this as not planned Won't fix, can't repro, duplicate, stale Nov 27, 2023
@HanseSecure
Copy link
Author

I gathered the information with the Sharphound Version from the Commuinty Edition (Administration->Collector)

@HanseSecure
Copy link
Author

@StephenHinck could you please reopen the issue? iam using the right collector

@StephenHinck StephenHinck reopened this Nov 30, 2023
@slokie-so slokie-so added ticketed Ticket has been created internally for tracking and removed triage This issue requires triaging labels Mar 26, 2024
@emanuelduss
Copy link

emanuelduss commented Oct 25, 2024
edited
Loading

I have exactly the same issue. BloodHound CE does not correctly show AdminTo edges.

Here's my documentation and SharpHound files so you can reproduce it if you want (only testdata ofc ;-)).

It looks like it's not a UI issue but an issue when processing the data during the import, because the information is also not available in the Neo4J DB.

BloodHound Legacy

Group WS1ADMINS is local admin of WS1:

image

It's also correctly in the Neo4J DB:

image

Data is collected in 20241011080952_ous.json:

[...]
      "GPOChanges": {
        "LocalAdmins": [
          {
            "ObjectIdentifier": "S-1-5-21-2070903584-3070904861-4042972969-1138",
            "ObjectType": "Group"
          }
        ],
        "RemoteDesktopUsers": [
          {
            "ObjectIdentifier": "S-1-5-21-2070903584-3070904861-4042972969-1138",
            "ObjectType": "Group"
          }
[...]

This is as expected.

BloodHound CE

Latest BloodHound CE version as of 25.10.2024:

$ docker compose images
CONTAINER                    REPOSITORY              TAG                 IMAGE ID            SIZE
bloodhound-ce-app-db-1       postgres                16                  bc02d8216d73        432MB
bloodhound-ce-bloodhound-1   specterops/bloodhound   latest              b949e49cb322        87.4MB
bloodhound-ce-graph-db-1     neo4j                   4.4                 f7cfcc88300d        507MB

Data is collected in 20241011071647_ous.json:

[...]
      "GPOChanges": {
        "LocalAdmins": [
          {
            "ObjectIdentifier": "S-1-5-21-2070903584-3070904861-4042972969-1139",
            "ObjectType": "Group"
          }
        ],
        "RemoteDesktopUsers": [
          {
            "ObjectIdentifier": "S-1-5-21-2070903584-3070904861-4042972969-1139",
            "ObjectType": "Group"
          },
          {
            "ObjectIdentifier": "CHILD.TESTLAB.LOCAL-S-1-1-0",
            "ObjectType": "Group"
          }
        ],
        "DcomUsers": [],
        "PSRemoteUsers": [],
        "AffectedComputers": [
          {
            "ObjectIdentifier": "S-1-5-21-2070903584-3070904861-4042972969-1154",
            "ObjectType": "Computer"
          }
        ]
      },
[...]

BloodHound does not show the admin relationship:

image

There is also no edge in Neo4J:

image

--> This is not as expected.

EDIT:

AdminTo edges are shown for Users (but not for groups):

image

@StephenHinck
Copy link
Collaborator

Thank you for that information. This is a duplicate of #280

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working ticketed Ticket has been created internally for tracking
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@emanuelduss @StephenHinck @HanseSecure @slokie-so