Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to setup LDAP Query Filter #73

Closed
xZhiLx opened this issue Oct 31, 2023 · 5 comments
Closed

Failed to setup LDAP Query Filter #73

xZhiLx opened this issue Oct 31, 2023 · 5 comments

Comments

@xZhiLx
Copy link

xZhiLx commented Oct 31, 2023

./sharphound.exe -d domain --ldapusername redacted --ldappassword -redacted

2023-10-30T18:48:32.7077262-07:00|WARNING|[CommonLib LDAPUtils]Failed to setup LDAP Query Filter
SharpHoundCommonLib.Exceptions.LDAPQueryException: Error creating LDAP connection: GetDomain call failed for REDACTED
at SharpHoundCommonLib.LDAPUtils.d__51.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at SharpHoundCommonLib.LDAPUtils.SetupLDAPQueryFilter(String ldapFilter, SearchScope scope, String[] props, Boolean includeAcl, String domainName, Boolean showDeleted, String adsPath, Boolean globalCatalog, Boolean skipCache)

does anyone also encounter this issue? I'm trying to run it and it keeps on showing multiple warnings in different domains and endpoints. I wonder if this also affects the results because when I try to upload the _computer.json it stucks at 0% forever.
@JonasBK
Copy link
Collaborator

JonasBK commented Oct 31, 2023

Hi,

What version of SharpHound are you running? I tested in my lab with v2.0.1 and did not experience that warning:
image

If your computers.json is stuck at 0% it is likely because the SharpHound version is not compatible with the BloodHound version. What version of BloodHound are you running?

@xZhiLx
Copy link
Author

xZhiLx commented Nov 7, 2023
edited
Loading

I see. I think it's just my environment. but I'm not sure what causes the issue/warning "GetDomain call failed".

I also tried using the latest Bloodhound in docker. but when trying to upload or ingest the logs _computer.json in the bloodhound it displays the status "Failed" and a status message "Analysis Failed".

image

That time I'm using the legacy version of Bloodhound from this documentation:
https://bloodhound.readthedocs.io/en/latest/installation/linux.html

@JonasBK
Copy link
Collaborator

JonasBK commented Nov 7, 2023

I'm not sure what's causing the "GetDomain call failed" error. Maybe it's related to DNS or LDAP requirements. Can enumerate the domain using other tools from that host?

BloodHound CE (docker version) is only compatible with SharpHound 2.x. Was the data you ingested perhaps from SharpHound v1.x?

@JonasBK
Copy link
Collaborator

JonasBK commented Nov 7, 2023

You can also try to run SharpHound with -v 0 to get additional logging. That might help us understand why it is failing.

@xZhiLx
Copy link
Author

xZhiLx commented Nov 10, 2023

I was already able to upload the _computer.json in Bloodhound, it appears to be a version compatibility issue. thanks

@xZhiLx xZhiLx closed this as completed Nov 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JonasBK @xZhiLx