Find Kerberoastable Users with Most Privileges does not return nodes
DoubtfulJerboa opened this issue
Describe the bug
The prebuilt query for finding kerberoastable users with the most privileges is unable to return data within BloodHound, as the Cypher query does not return a node object. However, the Cypher query does return data within Neo4j as a table of values.
Additional context
The query (BloodHound\src\components\SearchContainer\Tabs\PrebuiltQueries.json, line 225):
MATCH (u:User {hasspn:true}) OPTIONAL MATCH (u)-[:AdminTo]->(c1:Computer) OPTIONAL MATCH (u)-[:MemberOf*1..]->(:Group)-[:AdminTo]->(c2:Computer) WITH u,COLLECT(c1) + COLLECT(c2) AS tempVar UNWIND tempVar AS comps RETURN u.name,COUNT(DISTINCT(comps)) ORDER BY COUNT(DISTINCT(comps)) DESC
Can be changed to:
MATCH (u:User {hasspn:true}) OPTIONAL MATCH (u)-[:AdminTo]->(c1:Computer) OPTIONAL MATCH (u)-[:MemberOf*1..]->(:Group)-[:AdminTo]->(c2:Computer) WITH u,COLLECT(c1) + COLLECT(c2) AS tempVar UNWIND tempVar AS comps RETURN u,COUNT(DISTINCT(comps)) ORDER BY COUNT(DISTINCT(comps)) DESC
By changing RETURN u.name to RETURN u, the Cypher query will return node objects that can be displayed within BloodHound.
Closing - Fixed in 4.3.1 🥳
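Added example, not part of the issue or of BloodHound's own code: a small Node.js lint that flags prebuilt queries whose final RETURN holds only property or aggregate expressions, which is the condition reported above. The `queries[].queryList[].query` layout and the `final` flag are assumptions about PrebuiltQueries.json, the sample document is constructed from the two queries in the issue, and the bare-variable test is a heuristic.

```javascript
// Constructed sample in the assumed PrebuiltQueries.json layout.
// The two Cypher strings are the "before" and "after" queries from the issue.
const MATCH_PART =
  "MATCH (u:User {hasspn:true}) OPTIONAL MATCH (u)-[:AdminTo]->(c1:Computer) " +
  "OPTIONAL MATCH (u)-[:MemberOf*1..]->(:Group)-[:AdminTo]->(c2:Computer) " +
  "WITH u,COLLECT(c1) + COLLECT(c2) AS tempVar UNWIND tempVar AS comps ";
const TAIL = ",COUNT(DISTINCT(comps)) ORDER BY COUNT(DISTINCT(comps)) DESC";
const sample = { queries: [
  { name: "before", queryList: [{ final: true, query: MATCH_PART + "RETURN u.name" + TAIL }] },
  { name: "after", queryList: [{ final: true, query: MATCH_PART + "RETURN u" + TAIL }] },
] };

// Split on commas that are not nested inside (), [] or {}.
function splitTopLevel(text) {
  const parts = [];
  let depth = 0, current = "";
  for (const ch of text) {
    if ("([{".includes(ch)) depth++;
    else if (")]}".includes(ch)) depth--;
    if (ch === "," && depth === 0) { parts.push(current.trim()); current = ""; }
    else current += ch;
  }
  if (current.trim()) parts.push(current.trim());
  return parts;
}

// Items of the last RETURN clause, without ORDER BY / SKIP / LIMIT or DISTINCT.
function returnItems(cypher) {
  const hits = [...cypher.matchAll(/\bRETURN\s+/gi)];
  if (hits.length === 0) return [];
  const last = hits[hits.length - 1];
  const clause = cypher.slice(last.index + last[0].length)
    .split(/\s+(?:ORDER\s+BY|SKIP|LIMIT)\b/i)[0];
  return splitTopLevel(clause.replace(/^DISTINCT\s+/i, ""));
}

// Heuristic: a bare variable (or *) can carry a node, relationship or path;
// "u.name" or "COUNT(...)" can only ever be a scalar column.
function returnsGraphObject(cypher) {
  return returnItems(cypher).some((item) => {
    const expr = item.replace(/\s+AS\s+\w+$/i, "");
    return expr === "*" || /^[A-Za-z_]\w*$/.test(expr);
  });
}

// Names of entries whose final step would give the UI nothing to draw.
function findTableOnlyQueries(doc) {
  return doc.queries
    .filter((q) => q.queryList.some((s) => s.final && !returnsGraphObject(s.query)))
    .map((q) => q.name);
}
console.log(findTableOnlyQueries(sample));
```

Only steps marked `final` are checked, on the assumption that earlier steps in a `queryList` return plain values on purpose.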