JeremyS132
commented
5 years ago Bump anyone have any insight on how to get this working? We didn't have any issues with the old Bloodhound.
Open JeremyS132 opened 5 years ago
JeremyS132
commented
5 years ago Bump anyone have any insight on how to get this working? We didn't have any issues with the old Bloodhound.
rvazarkar
commented
5 years ago Looks like you're running into a crash of some kind. Can you run the exe directly if you're using the .ps1?
JeremyS132
commented
5 years ago Sorry, I forgot to mention I am seeing this error with both the .ps1 and the .exe. They both get to the same point and just die out. They both only seem to enumerate 862 objects.
rvazarkar
commented
5 years ago I just recently pushed several changes, can you update your ingestor and try it again?
JeremyS132
commented
5 years ago Unfortunately, I am still seeing the same issue:
.\SharpHound.exe --Verbose Initializing BloodHound at 3:27 PM on 2/18/2019 Resolved Collection Methods to Group, LocalAdmin, Session, Trusts, RDP, DCOM Starting Enumeration for [redacted] Status: 862 objects enumerated (+862 28.73333/s --- Using 45 MB RAM ) Status: 862 objects enumerated (+0 14.36667/s --- Using 45 MB RAM ) Status: 862 objects enumerated (+0 9.577778/s --- Using 45 MB RAM ) Status: 862 objects enumerated (+0 7.183333/s --- Using 46 MB RAM )
Edit: Seeing the same for both .ps1 and .exe
rvazarkar
commented
5 years ago Can you do collection methods individually so we can narrow down which particular method is causing issues?
JeremyS132
commented
5 years ago I was able to run trusts successfully. I ran session and it appeared that it was going to succeed but I am seeing this:
Status: 1119 objects enumerated (+0 0.5564396/s --- Using 47 MB RAM ) Status: 1119 objects enumerated (+0 0.5482606/s --- Using 47 MB RAM ) Status: 1119 objects enumerated (+0 0.5403187/s --- Using 47 MB RAM ) Status: 1119 objects enumerated (+0 0.5326035/s --- Using 48 MB RAM ) Status: 1119 objects enumerated (+0 0.5251056/s --- Using 48 MB RAM ) Status: 1119 objects enumerated (+0 0.5178158/s --- Using 49 MB RAM )
Ran with the following flags: .\SharpHound.exe --Verbose --SkipPing --CollectionMethod Session --Domain [redacted] --Threads 20
rvazarkar
commented
5 years ago That happens sometimes, it'll take a while but it'll eventually finish.
JeremyS132
commented
5 years ago Any ideas on how long it would take to finish? I've let it run for quite some time and it still hasn't finished. Still seeing the above.
I am running SharpHound as a standard domain user. In the past, we were able to run BloodHound with no issues. I am using the default collection and running it with -verbose. We will get an initial run of 862 objects and it never increases from there all the output continues to show is below:
Initializing BloodHound at 11:40 AM on 2/7/2019 Resolved Collection Methods to Group, LocalGroup, Session, Trusts Starting Enumeration for [redacted] Status: 862 objects enumerated (+862 28.73333/s --- Using 90 MB RAM ) Status: 862 objects enumerated (+0 14.36667/s --- Using 90 MB RAM ) Status: 862 objects enumerated (+0 9.577778/s --- Using 47 MB RAM )
I have tried with multiple different options and flags and I cannot seem to get it to work.