Mazars-Tech / AD_Miner

AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
GNU General Public License v3.0

TypeError in krb_pwd_last_set #133

Closed 0xSH4RKS closed 4 months ago

0xSH4RKS commented 5 months ago

Describe the bug

On a fresh Kali VM and AD-Miner installation through pipx we fail with the error underneath.

Terminal Output

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/home/kali/tools/AD_Miner-1.2.0/ad_miner/__main__.py", line 189, in main
    rating_dic = rating(users, domains, computers, objects, azure, arguments)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/tools/AD_Miner-1.2.0/ad_miner/sources/modules/rating.py", line 35, in rating
    max([dict["pass_last_change"] for dict in users.users_krb_pwd_last_set], default=None),
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: '>' not supported between instances of 'int' and 'NoneType'

Potential Solution

def rating(users, domains, computers, objects, azure, arguments):
    # Excerpt of the proposed change; `d` comes from the part of the function not shown here.
    d["on_premise"][
        time_since(
            # Skip records whose pass_last_change is None so max() never compares an int with None.
            max((user["pass_last_change"] for user in users.users_krb_pwd_last_set if user["pass_last_change"] is not None), default=None),
            age=1 * 365,
            criticity=2,
        )
    ].append("krb_last_change")
    # The rest of your function remains unchanged.


def create_dico_data(data, arguments, domains, computers, users, objects, azure, dico_rating_color):
    dico_data = {
        # Other initializations
        # Same None filter as in rating(); falls back to 0 when no record has a value.
        "krb_last_change": max([user["pass_last_change"] for user in users.users_krb_pwd_last_set if user["pass_last_change"] is not None], default=0),
        # Continue with other data points
    }
    return dico_data

jmbesnard commented 5 months ago

Thanks for reporting this. We will come up with a fix to be merged to the dev branch and later on in a release. Out of curiosity, could you please tell us if the data have been collected with SH (which version) or bloodhound.py or rusthound? Thanks

dreamkinn commented 5 months ago

Hey, if you have time, can you check with this PR: https://github.com/Mazars-Tech/AD_Miner/pull/135

Also, for posterity, could you dump the value (or absence of) the attribute pwdlastset on the problematic user(s)?

0xSH4RKS commented 5 months ago

Sure, collected the data with bloodhound.py

jmbesnard commented 4 months ago

Sorry for the delay. Fixed in the latest release.
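The crash in the traceback and the request above to dump the value on the problematic user(s), as an added example that is not AD Miner's code and not part of any comment in this thread: it reproduces the unfiltered `max()` failure on constructed records, then returns both the latest value and the records that have no usable one. Only the `pass_last_change` key comes from the page; the `name` key, the sample values and the function names are assumptions.

```python
from typing import Any, Iterable, List, Optional, Tuple

# Constructed records shaped like users.users_krb_pwd_last_set in the traceback.
# "name" and all values are assumptions made for this example.
SAMPLE = [
    {"name": "A@EXAMPLE.LOCAL", "pass_last_change": None},  # attribute collected as null
    {"name": "B@EXAMPLE.LOCAL", "pass_last_change": 412},
    {"name": "C@EXAMPLE.LOCAL"},                            # key absent altogether
    {"name": "D@EXAMPLE.LOCAL", "pass_last_change": 97},
]


def reproduce_original(records: Iterable[dict]) -> Optional[str]:
    """Evaluate the unfiltered expression from the traceback.

    Returns the TypeError text if it is raised, otherwise None.
    """
    try:
        max([r["pass_last_change"] for r in records], default=None)
    except TypeError as exc:
        return str(exc)
    return None


def latest_pass_last_change(
    records: Iterable[dict], default: Any = None
) -> Tuple[Any, List[str]]:
    """Return (latest value, names of records without a usable value).

    Goes one step past the None filter in the proposed solution: a missing
    key or a non-numeric value is also skipped and reported instead of raising.
    The caller picks the fallback, as the proposal does (None in rating(),
    0 in create_dico_data()).
    """
    values, unusable = [], []
    for rec in records:
        value = rec.get("pass_last_change")
        # bool is a subclass of int, so exclude it explicitly.
        if isinstance(value, (int, float)) and not isinstance(value, bool):
            values.append(value)
        else:
            unusable.append(rec.get("name", "<unnamed>"))
    return max(values, default=default), unusable


if __name__ == "__main__":
    print("original expression:", reproduce_original(SAMPLE[:2]))
    latest, unusable = latest_pass_last_change(SAMPLE)
    print("latest:", latest, "| records to inspect:", unusable)
```

The list of unusable records is the place to start when checking which collected objects lack the attribute before deciding on a fallback value.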