Fix edge-case in constrained delegation parsing logic #180
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Missed a similar call
chvancooten
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This (VERY simple) PR fixes an edge case I encountered in our production environment, where user and computer objects would have an SPN set for delegation in the following format:
This would be parsed incorrectly by
BloodHound.py, leading to a fatal error with the\e0escape (UnicodeDecodeError: 'utf-8' codec can't decode byte 0xe0 in position 11: invalid continuation byte) upstream inpyasn1.Since the SAM should not contain the extraneous information from this SPN anyway, the fix for this is simple, we add another
splitcall to remove anything that does not belong to the ASN. In my testing, this fixed the edge case.