Collection on DC without username/password
Closed this issue · 7 comments
It will be great to have an option equivalent to "SharpHound.exe --CollectionMethods All,GPOLocalGroup" that allows collecting data from a domain controller as local system rather than having to specify a username/password.
I'm not sure what you're asking, adalanche can already do this?
If you run "adalanche collect activedirectory" directly on a DC, it should work just as if you were doing it remote.
You can force localhost by using --server=127.0.0.1
If you want to force local GPO paths, use --gpopath="C:\Windows\SYSVOL\sysvol\domain.local\Policies" but the logic in adalanche would disable ACL analysis for GPO files then (that's the way it's done at the moment)
When i run it as system with the options specified, i get the following error:
LDAP Result Code 200 "Network Error": write tcp 10.128.0.8:56458->10.128.0.8:636: wsasend: An existing connection was forcibly closed by the remote host.
Try --port=389 --tlsmode=NoTLS, you probably don't have working CA infrastructure?
that worked. thanks.
I too am getting the same error. Using adalanche.exe --port=398 --tlsmode=NoTLS throws errors about --port and --tlsmode being "unknown flags". --help provides no insight about these proposed options.
using this worked:
adalanche.exe collect activedirectory --port=398 --tlsmode=NoTLS
The latest release does not seem to work using this command. I am trying to run it as localsystem as:
adalanche collect activedirectory -port=389 --tlsmode=NoTLS
but get the following error:
11:19:07.131 INFORMA Adalanche Open Source v2023.5.3 (commit aa4c038), (c) 2020-2022 Lars Karlslund, This program comes with ABSOLUTELY NO WARRANTY
11:19:07.216 WARNING Problem connecting to DC 127.0.0.1: The specified target is unknown or unreachable
11:19:07.216 ERROR All DCs failed login attempts