SpecterOps/BloodHound

No execution or admin rights are shown in UI

Closed this issue · 5 comments

Description:

In the Community Edition no execution or admin privilege permissions are shown.

Component(s) Affected:

  • UI

Steps to Reproduce:

Load the same SharpHound data into the old and the new BloodHound editions.

Expected Behavior:

Permissions are shown.

Actual Behavior:

No permissions are shown.

Screenshots/Code Snippets/Sample Files:

old UI

image

image

new UI

image

image

Environment Information:

BloodHound: 5.1.0

Collector: 2.0.0

OS: current Kali

Browser: Firefox ESR 91.5

Docker (if using Docker): 20.10

You'll need to collect with SharpHound v2 for BHCE, while using SharpHound v1 for BloodHound Legacy - they use different schemas for the data outputs, specifically for local groups and privileges.

I gathered the information with the SharpHound version from the Community Edition (Administration->Collector).

@StephenHinck could you please reopen the issue? I am using the right collector.

I have exactly the same issue. BloodHound CE does not correctly show AdminTo edges.

Here's my documentation and SharpHound files so you can reproduce it if you want (only test data ofc ;-)).

It looks like it's not a UI issue but an issue when processing the data during the import, because the information is also not available in the Neo4J DB.

BloodHound Legacy

Group WS1ADMINS is local admin of WS1:

image

It's also correctly in the Neo4J DB:

image

Data is collected in 20241011080952_ous.json:

[...]
      "GPOChanges": {
        "LocalAdmins": [
          {
            "ObjectIdentifier": "S-1-5-21-2070903584-3070904861-4042972969-1138",
            "ObjectType": "Group"
          }
        ],
        "RemoteDesktopUsers": [
          {
            "ObjectIdentifier": "S-1-5-21-2070903584-3070904861-4042972969-1138",
            "ObjectType": "Group"
          }
[...]

This is as expected.

BloodHound CE

Latest BloodHound CE version as of 25.10.2024:

$ docker compose images
CONTAINER                    REPOSITORY              TAG                 IMAGE ID            SIZE
bloodhound-ce-app-db-1       postgres                16                  bc02d8216d73        432MB
bloodhound-ce-bloodhound-1   specterops/bloodhound   latest              b949e49cb322        87.4MB
bloodhound-ce-graph-db-1     neo4j                   4.4                 f7cfcc88300d        507MB

Data is collected in 20241011071647_ous.json:

[...]
      "GPOChanges": {
        "LocalAdmins": [
          {
            "ObjectIdentifier": "S-1-5-21-2070903584-3070904861-4042972969-1139",
            "ObjectType": "Group"
          }
        ],
        "RemoteDesktopUsers": [
          {
            "ObjectIdentifier": "S-1-5-21-2070903584-3070904861-4042972969-1139",
            "ObjectType": "Group"
          },
          {
            "ObjectIdentifier": "CHILD.TESTLAB.LOCAL-S-1-1-0",
            "ObjectType": "Group"
          }
        ],
        "DcomUsers": [],
        "PSRemoteUsers": [],
        "AffectedComputers": [
          {
            "ObjectIdentifier": "S-1-5-21-2070903584-3070904861-4042972969-1154",
            "ObjectType": "Computer"
          }
        ]
      },
[...]

BloodHound does not show the admin relationship:

image

There is also no edge in Neo4J:

image

--> This is not as expected.

EDIT:

AdminTo edges are shown for Users (but not for groups):

image
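
An added example, not part of the original thread and not BloodHound's own code: one way to check whether an import dropped GPO-derived edges is to compute the edges an `_ous.json` file implies and diff them against rows exported from the graph. It assumes OU records sit in a top-level `data` array and that every principal in a `GPOChanges` list gets an edge to every entry in `AffectedComputers`; `expected_edges`, `missing_edges` and the `OBSERVED` export are hypothetical names and constructed data.

```python
import json

# GPOChanges list -> edge name. AdminTo is the edge from the issue; the other
# three are BloodHound's edge names for the remaining local groups.
EDGE_FOR_LIST = {
    "LocalAdmins": "AdminTo",
    "RemoteDesktopUsers": "CanRDP",
    "DcomUsers": "ExecuteDCOM",
    "PSRemoteUsers": "CanPSRemote",
}

def expected_edges(ous_doc):
    """Set of (principal, edge, computer) tuples implied by GPOChanges."""
    edges = set()
    for ou in ous_doc.get("data", []):  # assumption: records under "data"
        changes = ou.get("GPOChanges") or {}
        computers = [c["ObjectIdentifier"]
                     for c in changes.get("AffectedComputers") or []]
        for list_name, edge in EDGE_FOR_LIST.items():
            for principal in changes.get(list_name) or []:
                for computer in computers:
                    edges.add((principal["ObjectIdentifier"], edge, computer))
    return edges

def missing_edges(ous_doc, observed):
    """Edges the collection implies that are absent from the graph export."""
    return sorted(expected_edges(ous_doc) - set(observed))

DOM = "S-1-5-21-2070903584-3070904861-4042972969"
# Constructed input reusing the identifiers from the CE snippet above.
SAMPLE = json.loads("""
{"data": [{"GPOChanges": {
  "LocalAdmins": [{"ObjectIdentifier": "%(d)s-1139", "ObjectType": "Group"}],
  "RemoteDesktopUsers": [
    {"ObjectIdentifier": "%(d)s-1139", "ObjectType": "Group"},
    {"ObjectIdentifier": "CHILD.TESTLAB.LOCAL-S-1-1-0", "ObjectType": "Group"}],
  "DcomUsers": [], "PSRemoteUsers": [],
  "AffectedComputers": [{"ObjectIdentifier": "%(d)s-1154", "ObjectType": "Computer"}]
}}]}
""" % {"d": DOM})
# Constructed graph export: (start objectid, edge, end objectid) rows.
OBSERVED = {
    (DOM + "-1139", "CanRDP", DOM + "-1154"),
    ("CHILD.TESTLAB.LOCAL-S-1-1-0", "CanRDP", DOM + "-1154"),
}

if __name__ == "__main__":
    for principal, edge, computer in missing_edges(SAMPLE, OBSERVED):
        print(f"missing: {principal} -[{edge}]-> {computer}")
```

Running the same diff against exports from both editions shows whether the gap is in collection or in ingest, which is the distinction the comment above draws.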

Thank you for that information. This is a duplicate of #280