New UI don't show CanRDP #506

Closed
Etheeon opened this issue Mar 16, 2024 · 5 comments
Labels
question Further information is requested

Comments

@Etheeon

Etheeon commented Mar 16, 2024

Since I have been using BloodHound for a long time, many of the functions are familiar to me. However, after I decided to try out the new CE edition, I quickly lost enthusiasm for it. The most serious reason why I turn away from the CE edition and go back to the previous one is the fact that there are many inconsistencies between the data presented. In the old edition, among other things, all first-degree execution rights and RDP privileges are displayed in full and these can also be specifically queried. Now with the CE Edition it doesn't even show up for me. Likewise, all execution privileges that were displayed in the previous non-CE edition are completely missing. The same data sets were uploaded in both programs. Such a serious discrepancy is very annoying. I can't be the only one who noticed this. Is there already a solution for this? If not, please fix the problem urgently!

@Etheeon Etheeon added bug Something isn't working triage This issue requires triaging labels Mar 16, 2024
@StephenHinck StephenHinck added question Further information is requested and removed bug Something isn't working triage This issue requires triaging labels Mar 18, 2024
@StephenHinck
Collaborator

Good morning; based on what you're saying, it sounds like you're utilizing the same SharpHound output across both products and expecting the same results.

BloodHound CE utilizes a slightly different data format for local permissions like CanRDP. For that reason, you'll need to utilize SharpHound v2+ in combination with BloodHound CE to see those edges. You should see those edges once you recollect your data with SharpHound v2 (the latest version is packaged with BloodHound and available in the gear icon -> Download Collectors).

Let me know if there's anything else we can help with!

@StephenHinck
Collaborator

Additionally, there is an open feature request for first-degree relationships here: #117

@Etheeon
Author

Etheeon commented Mar 18, 2024

I used the data with sharphound.exe v2.3, which I downloaded from this https://github.com/BloodHoundAD/BloodHound. Is this the correct version?

@Etheeon
Author

Etheeon commented Mar 18, 2024

If that version of SharpHound was the correct one, please reopen this case.

@StephenHinck
Collaborator

It should be the latest version available here: https://github.com/BloodHoundAD/SharpHound/releases

Data exported from that collector should fail to create CanRDP edges in BloodHound Legacy because of the schema differences in the output files. If you were using that version to collect, please provide more information about the steps you took, collection methods, any errors in the output, etc. It's also worth checking in the compstatus.csv file (TrackComputerCalls flag) whether SharpHound could enumerate the local data on the target system. Please keep in mind that there is another open issue regarding GPO analysis (#280), if that's the assumed path for data collection in this case.
