diff --git a/README.md b/README.md index fe61e32..864f3e9 100644 --- a/README.md +++ b/README.md @@ -109,6 +109,8 @@ The listing below details the CLI arguments SharpHound supports. Additional deta --collectallproperties Collect all LDAP properties from objects + --skipdenyacescount Skip collecting custom deny ACE counts in LDAP object properties + -l, --Loop Loop computer collection --loopduration Loop duration (hh:mm:ss - 05:00:00 is 5 hours, default: 2 hrs) diff --git a/src/Options.cs b/src/Options.cs index bdc84e2..98ed40b 100644 --- a/src/Options.cs +++ b/src/Options.cs @@ -139,6 +139,9 @@ public class Options [Option(HelpText = "Collect all LDAP properties from objects")] public bool CollectAllProperties { get; set; } + + [Option(HelpText = "Skip collecting custom deny ACE counts in LDAP object properties")] + public bool SkipDenyAcesCount { get; set; } [Option(HelpText = "Split the main ldap query into smaller chunks to attempt to reduce server load")] public bool PartitionLdapQueries { get; set; } diff --git a/src/PowerShell/Template.ps1 b/src/PowerShell/Template.ps1 index f19d7bb..6292b2e 100644 --- a/src/PowerShell/Template.ps1 +++ b/src/PowerShell/Template.ps1 @@ -184,6 +184,10 @@ .PARAMETER CollectAllProperties Collect all string LDAP properties on objects + + .PARAMETER SkipDenyAcesCount + + Skip collecting custom deny ACE counts in LDAP object properties .PARAMETER Loop @@ -360,6 +364,9 @@ [Switch] $CollectAllProperties, + [Switch] + $SkipDenyAcesCount, + [Switch] $Loop, diff --git a/src/Runtime/ObjectProcessors.cs b/src/Runtime/ObjectProcessors.cs index 457ddbf..5d2f5e6 100644 --- a/src/Runtime/ObjectProcessors.cs +++ b/src/Runtime/ObjectProcessors.cs 
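Review bot: The help text on the new `SkipDenyAcesCount` option in Options.cs says what is skipped but not what the collected output looks like when it is skipped, and consumers of the emitted properties need to know whether the deny-ACE count property is then absent or written as zero. I'd extend the string to say which, e.g. `[Option(HelpText = "Skip collecting custom deny ACE counts in LDAP object properties (the count property is omitted from output)")]` if omission is the behaviour, and mirror the same wording in the README entry in the hunk above so the two stay in step. The option has no explicit `LongName`, so the `--skipdenyacescount` spelling in the README is derived from the property name; that matches the neighbouring `--collectallproperties` entry, but it means any later rename of the property silently changes the documented flag.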
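Review bot: The two Template.ps1 hunks declare `[Switch] $SkipDenyAcesCount` and add its `.PARAMETER` entry, but nothing in the diff forwards the switch to the embedded SharpHound argument list, so unless this template forwards bound parameters generically the new switch will be accepted and silently ignored. The `$CollectAllProperties` switch declared just above it is the model: whatever the template does further down to turn that switch into `--collectallproperties` needs an equivalent line for `--skipdenyacescount`. Both the parameter block and any forwarding code continue outside the hunks, so this may already be covered by a generic loop; worth confirming by running with the switch and checking that `Options.SkipDenyAcesCount` is actually set.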
@@ -581,7 +581,7 @@ private async Task ProcessGPOObject(IDirectoryObject entry, } if (_methods.HasFlag(CollectionMethod.ObjectProps)) { - ret.Properties = ContextUtils.Merge(ret.Properties, LdapPropertyProcessor.ReadGPOProperties(entry)); + ret.Properties = ContextUtils.Merge(ret.Properties, await _ldapPropertyProcessor.ReadGPOProperties(entry)); if (_context.Flags.CollectAllProperties) { ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry), ret.Properties); @@ -611,7 +611,7 @@ private async Task ProcessOUObject(IDirectoryObject entry, } if (_methods.HasFlag(CollectionMethod.ObjectProps)) { - ret.Properties = ContextUtils.Merge(ret.Properties, LdapPropertyProcessor.ReadOUProperties(entry)); + ret.Properties = ContextUtils.Merge(ret.Properties, await _ldapPropertyProcessor.ReadOUProperties(entry)); if (_context.Flags.CollectAllProperties) { ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry), ret.Properties); @@ -662,7 +662,7 @@ private async Task ProcessContainerObject(IDirectoryObject entry, if (_methods.HasFlag(CollectionMethod.ObjectProps) || _methods.HasFlag(CollectionMethod.CertServices)) { ret.Properties = - ContextUtils.Merge(LdapPropertyProcessor.ReadContainerProperties(entry), ret.Properties); + ContextUtils.Merge(await _ldapPropertyProcessor.ReadContainerProperties(entry), ret.Properties); if (_context.Flags.CollectAllProperties) { ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry), ret.Properties); @@ -693,7 +693,7 @@ private async Task ProcessRootCA(IDirectoryObject entry, ResolvedSearchR } if (_methods.HasFlag(CollectionMethod.ObjectProps) || _methods.HasFlag(CollectionMethod.CertServices)) { - var props = LdapPropertyProcessor.ReadRootCAProperties(entry); + var props = await _ldapPropertyProcessor.ReadRootCAProperties(entry); ret.Properties.Merge(props); } 
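Review bot: In the `@@ -581` hunk the GPO property read becomes `await _ldapPropertyProcessor.ReadGPOProperties(entry)`, and the same conversion from a static call to an awaited instance call appears in the -611, -662 and -693 hunks here and in the -724, -754, -871 and -910 hunks on the following line. Turning a pure property parse into an awaited call implies it may now perform directory I/O (presumably whatever the deny-ACE count needs), so a failure the static version could not produce now surfaces inside the `ObjectProps`/`CertServices` branch; the enclosing `Process*` bodies start and end outside the hunks, so whether callers already catch and log per-object failures cannot be seen here and is worth confirming. None of the call sites pass a cancellation token to the awaited read, so if the processor accepts one it should be threaded through, and if it does not, that is a limitation worth noting on the method. A one-line comment at the first site explaining why a property read is now awaited would save the next reader the search.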
@@ -724,7 +724,7 @@ private async Task ProcessAIACA(IDirectoryObject entry, ResolvedSearchRes } if (_methods.HasFlag(CollectionMethod.ObjectProps) || _methods.HasFlag(CollectionMethod.CertServices)) { - var props = LdapPropertyProcessor.ReadAIACAProperties(entry); + var props = await _ldapPropertyProcessor.ReadAIACAProperties(entry); ret.Properties.Merge(props); } @@ -754,7 +754,7 @@ private async Task ProcessEnterpriseCA(IDirectoryObject entry, Res } if (_methods.HasFlag(CollectionMethod.ObjectProps) || _methods.HasFlag(CollectionMethod.CertServices)) { - var props = LdapPropertyProcessor.ReadEnterpriseCAProperties(entry); + var props = await _ldapPropertyProcessor.ReadEnterpriseCAProperties(entry); ret.Properties.Merge(props); // Enabled cert templates @@ -871,7 +871,7 @@ private async Task ProcessNTAuthStore(IDirectoryObject entry, } if (_methods.HasFlag(CollectionMethod.ObjectProps) || _methods.HasFlag(CollectionMethod.CertServices)) { - var props = LdapPropertyProcessor.ReadNTAuthStoreProperties(entry); + var props = await _ldapPropertyProcessor.ReadNTAuthStoreProperties(entry); if (entry.TryGetByteArrayProperty(LDAPProperties.CACertificate, out var rawCertificates)) { var certificates = from rawCertificate in rawCertificates @@ -910,7 +910,7 @@ private async Task ProcessCertTemplate(IDirectoryObject entry, } if (_methods.HasFlag(CollectionMethod.ObjectProps) || _methods.HasFlag(CollectionMethod.CertServices)) { - var certTemplatesProps = LdapPropertyProcessor.ReadCertTemplateProperties(entry); + var certTemplatesProps = await _ldapPropertyProcessor.ReadCertTemplateProperties(entry); ret.Properties.Merge(certTemplatesProps); } @@ -956,4 +956,4 @@ private async Task ProcessIssuancePolicy(IDirectoryObject entry, return ret; } } -} \ No newline at end of file +} diff --git a/src/Sharphound.cs b/src/Sharphound.cs index 1229650..f0cebd1 100644 --- a/src/Sharphound.cs +++ b/src/Sharphound.cs 
@@ -104,7 +104,8 @@ await options.WithParsedAsync(async options => DisableSigning = options.DisableSigning, ForceSSL = options.ForceSecureLDAP, AuthType = AuthType.Negotiate, - DisableCertVerification = options.DisableCertVerification + DisableCertVerification = options.DisableCertVerification, + SkipDenyAcesCount = options.SkipDenyAcesCount }; if (options.DomainController != null) ldapOptions.Server = options.DomainController; @@ -264,4 +265,4 @@ public static void InvokeSharpHound(string[] args) { } #endregion -} \ No newline at end of file +}
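Review bot: `SkipDenyAcesCount = options.SkipDenyAcesCount` is set on the LDAP options object, but nothing in the visible hunks reads it back (the ObjectProcessors hunks call the property reads unconditionally), so the skip is enforced entirely inside whichever library type owns these options. That type is not in this diff and no package-reference change accompanies it, so the build depends on the referenced library version already exposing a `SkipDenyAcesCount` member; worth confirming and, if a version bump is needed, including it in this commit. A comment on the added line, `// honoured by the library's property processor, not checked in SharpHound itself`, would make the division of responsibility explicit.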