Skip to content

[bug-fix] Function get_entry_property() is not expecting a None entry, leading to TypeError: 'NoneType' object is not subscriptable #183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dirkjanm merged 1 commit into from
Jul 26, 2024
Merged

[bug-fix] Function get_entry_property() is not expecting a None entry, leading to TypeError: 'NoneType' object is not subscriptable #183

dirkjanm merged 1 commit into from
Jul 26, 2024

Conversation

@p0dalirius
Copy link
Contributor

@p0dalirius p0dalirius commented May 14, 2024

Hi,

I found a bug in the get_entry_property function when a NoneType entry is passed:

# ./bloodhound.py --zip -c All -d "$DOMAIN" -u "$USER" -p "$PASSWORD" -dc "$DC_HOST" --use-ldaps
INFO: Found AD domain: LAB.local
WARNING: Could not find a global catalog server, assuming the primary DC has this role
If this gives errors, either specify a hostname with -gc or disable gc resolution with --disable-autogc
INFO: Getting TGT for user
INFO: Connecting to LDAP server: DC01.LAB.local
INFO: Found 1 domains
INFO: Found 1 domains in the forest
INFO: Found 2156 computers
INFO: Connecting to GC LDAP server: DC01.LAB.local
WARNING: LDAP Authentication is refused because LDAP signing is enabled. Trying to connect over LDAPS instead...
INFO: Connecting to LDAP server: DC01.LAB.local
Traceback (most recent call last):
  File "/tmp/BloodHound.py/./bloodhound.py", line 5, in <module>
    bloodhound.main()
  File "/tmp/BloodHound.py/bloodhound/__init__.py", line 343, in main
    bloodhound.run(collect=collect,
  File "/tmp/BloodHound.py/bloodhound/__init__.py", line 81, in run
    membership_enum.enumerate_memberships(timestamp=timestamp, fileNamePrefix=fileNamePrefix)
  File "/tmp/BloodHound.py/bloodhound/enumeration/memberships.py", line 844, in enumerate_memberships
    self.enumerate_users(timestamp, fileNamePrefix)
  File "/tmp/BloodHound.py/bloodhound/enumeration/memberships.py", line 183, in enumerate_users
    'ObjectType': ADUtils.resolve_ad_entry(
                  ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/BloodHound.py/bloodhound/ad/utils.py", line 278, in resolve_ad_entry
    account = ADUtils.get_entry_property(entry, 'sAMAccountName', '')
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/BloodHound.py/bloodhound/ad/utils.py", line 362, in get_entry_property
    value = entry['attributes'][prop]
            ~~~~~^^^^^^^^^^^^^^
TypeError: 'NoneType' object is not subscriptable

The problem takes its source here, the SID resolution can return None:

image

Then the value cascades into the resolve_ad_entry() function, which calls get_entry_property(). As get_entry_property() is not expecting a None entry, it crashes and breaks the whole process.

Fixed in this pull request

Best regards,

@p0dalirius p0dalirius mentioned this pull request May 14, 2024
Closed
@dirkjanm dirkjanm merged commit c3ae9fe into dirkjanm:master Jul 26, 2024
@dirkjanm
Copy link
Owner

dirkjanm commented Jul 26, 2024

ty!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@p0dalirius @dirkjanm