BloodHoundAD/SharpHound

SharpHound Collection Error and Incompatible .json Output

jbeck71380 opened this issue · 2 comments

Hello,

I'm trying to run Sharphound to collect data for Neo4j database but am running into some trouble. Everytime I run Sharphound (Either the .exe or .ps1) I encounter the errors below:

2023-01-05T10:28:56.0830263-06:00|WARNING|[CommonLib LDAPUtils]LDAP Exception in Loop: 81. (null). The LDAP server is unavailable.. Filter: (&(samaccounttype=REDACTED)(samaccountname=REDACTED)). Domain: (null) System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable. at System.DirectoryServices.Protocols.LdapConnection.Connect() at System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID) at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) at SharpHoundCommonLib.LDAPUtils.<QueryLDAP>d__33.MoveNext() 2023-01-05T10:28:56.2370976-06:00|INFORMATION|Producer has finished, closing LDAP channel 2023-01-05T10:28:56.2401740-06:00|INFORMATION|LDAP channel closed, waiting for consumers 2023-01-05T10:29:02.7019920-06:00|INFORMATION|Status: REDACTED objects finished (+4340 144.6667)/s -- Using 73 MB RAM 2023-01-05T10:29:17.1756469-06:00|WARNING|[CommonLib LDAPUtils]LDAP Exception in Loop: 52. (null). The LDAP server returned an unknown error.. Filter: (&(samaccounttype=REDACTED)(samaccountname=REDACTED)). Domain: (null) System.DirectoryServices.Protocols.LdapException: The LDAP server returned an unknown error. at System.DirectoryServices.Protocols.LdapConnection.Connect() at System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID) at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) at SharpHoundCommonLib.LDAPUtils.<QueryLDAP>d__33.MoveNext() 2023-01-05T10:29:32.7066748-06:00|INFORMATION|Status: REDACTED objects finished (+0 72.33334)/s -- Using 73 MB RAM

It ends up generating about 20 of these error messages before exiting. I found another issue open on the Bloodhound Github #510. In this thread rvazarkar said it was a non issue. However, my .json output is still not importing. Saying that the data is from an incompatible collector. I ensured that both my Bloodhound and Sharphound version matched (version 4.2). I also attempted to standardize the .json file according to the .json documentation here and attempted to fix the data at the end of the file manually.

The command I used to run is here:

.\sharphound.exe -c Default -d REDACTED --ldapusername REDACTED --ldappassword REDACTED --secureldap --throttle 200 --stealth --outputdirectory C:\Temp\Bloodhound_output --> I have also just tried the .exe and .ps1 with no command line arguments and similar errors occurred. This is from a domain joined computer and is on ethernet.

File Fix Example below:
"Status":null,"Aces":[],"ObjectIdentifier":"REDACTED","IsDele --> The .json output file is cut off at the end.

I attempted to fix this by removing the last entry until the next 'Properties' and adding a }]} --> this looked similar to the documentation.

Regardless, I am needing some help figuring out where I am going wrong. I can't find any fix on Github and have combed the documentation thoroughly. Any help would be greatly appreciated. If you need more information let me know. I'll do my best to provide redacted error output.

Hi @jbeck71380,

Thanks for posting your issue, and sorry for keeping you waiting. This sound super odd and very frustrating..
Is it every time that the output file is cut off at the end? Does it also happen if you run a different collection, e.g. -C ACL?

Closing as no additional information has been provided. Please feel free to re-open if you have any additional information to help us troubleshoot.