BloodHoundAD / BloodHound

Six Degrees of Domain Admin

Find Kerberoastable Users with Most Privileges does not return nodes

DoubtfulJerboa opened this issue · comments

Describe the bug
The prebuilt query for finding kerberoastable users with the most privileges is unable to return data within BloodHound, as the Cypher query does not return a node object. However, the Cypher query does return data within Neo4j as a table of values.

Additional context
The query (BloodHound\src\components\SearchContainer\Tabs\PrebuiltQueries.json, line 225):

```cypher
MATCH (u:User {hasspn:true}) OPTIONAL MATCH (u)-[:AdminTo]->(c1:Computer) OPTIONAL MATCH (u)-[:MemberOf*1..]->(:Group)-[:AdminTo]->(c2:Computer) WITH u,COLLECT(c1) + COLLECT(c2) AS tempVar UNWIND tempVar AS comps RETURN u.name,COUNT(DISTINCT(comps)) ORDER BY COUNT(DISTINCT(comps)) DESC
```

Can be changed to:

```cypher
MATCH (u:User {hasspn:true}) OPTIONAL MATCH (u)-[:AdminTo]->(c1:Computer) OPTIONAL MATCH (u)-[:MemberOf*1..]->(:Group)-[:AdminTo]->(c2:Computer) WITH u,COLLECT(c1) + COLLECT(c2) AS tempVar UNWIND tempVar AS comps RETURN u,COUNT(DISTINCT(comps)) ORDER BY COUNT(DISTINCT(comps)) DESC
```

By changing `RETURN u.name` to `RETURN u`, the Cypher query will return node objects that can be displayed within BloodHound.

Closing - Fixed in 4.3.1 🥳
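
An added example, not part of the original issue or of BloodHound's code: a heuristic lint that flags Cypher queries whose final `RETURN` contains only property lookups or aggregates and no bare variable, which is the condition reported above. The function names and the bare-variable heuristic are assumptions; a bare variable bound to a scalar in an earlier `WITH` would still pass.

```python
import re

# The two queries from the issue, rebuilt from their shared prefix and suffix.
PREFIX = ("MATCH (u:User {hasspn:true}) OPTIONAL MATCH (u)-[:AdminTo]->(c1:Computer) "
          "OPTIONAL MATCH (u)-[:MemberOf*1..]->(:Group)-[:AdminTo]->(c2:Computer) "
          "WITH u,COLLECT(c1) + COLLECT(c2) AS tempVar UNWIND tempVar AS comps ")
SUFFIX = ",COUNT(DISTINCT(comps)) ORDER BY COUNT(DISTINCT(comps)) DESC"
ORIGINAL = PREFIX + "RETURN u.name" + SUFFIX
FIXED = PREFIX + "RETURN u" + SUFFIX

IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

def split_top_level(text):
    """Split on commas outside (), [] and {} so COUNT(DISTINCT(x)) stays whole."""
    items, depth, cur = [], 0, []
    for ch in text:
        depth += ch in "([{"
        depth -= ch in ")]}"
        if ch == "," and depth == 0:
            items.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    items.append("".join(cur).strip())
    return [i for i in items if i]

def return_items(query):
    """Expressions of the last RETURN clause, without ORDER BY / SKIP / LIMIT."""
    hits = list(re.finditer(r"\bRETURN\b", query, re.I))
    if not hits:
        return []
    tail = query[hits[-1].end():]
    tail = re.split(r"\b(?:ORDER\s+BY|SKIP|LIMIT)\b", tail, maxsplit=1, flags=re.I)[0]
    tail = re.sub(r"^\s*DISTINCT\b", "", tail, flags=re.I)
    return split_top_level(tail)

def graph_variables(query):
    """RETURN items that are bare variables (alias stripped): node/path candidates."""
    exprs = (re.split(r"\s+AS\s+", i, maxsplit=1, flags=re.I)[0] for i in return_items(query))
    return [e for e in exprs if IDENT.match(e)]

def lint(queries):
    """Names of queries that return rows but no bare variable (hypothetical helper)."""
    return [n for n, q in queries.items() if return_items(q) and not graph_variables(q)]

if __name__ == "__main__":
    for name in lint({"original": ORIGINAL, "fixed": FIXED}):
        print(f"{name}: RETURN has no node/path variable; result is a table only")
```
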