(CRITICAL) No import with SharpHound v2.0.0

Question

(CRITICAL) No import with SharpHound v2.0.0

1mm0rt41PC opened this issue 10 months ago · comments

Describe the bug
When using https://github.com/BloodHoundAD/SharpHound/releases/tag/v2.0.0
The import via zip doesn't work at all.
If unzipped, it's possible to import all json but not computers.

To Reproduce
Steps to reproduce the behavior:

Grab datas via SharpHound 2.0 (https://github.com/BloodHoundAD/SharpHound/releases/tag/v2.0.0)

C:\> SharpHound.exe -d unicorn.local -c All --ldapusername yyyyy --ldappassword xxxxx
2023-09-06T10:11:36.0588127+02:00|INFORMATION|This version of SharpHound is compatible with the 4.3.1 Release of BloodHound
2023-09-06T10:11:36.1631347+02:00|INFORMATION|Resolved Collection Methods: Group, LocalAdmin, GPOLocalGroup, Session, LoggedOn, Trusts, ACL, Container, RDP, ObjectProps, DCOM, SPNTargets, PSRemote, UserRights
2023-09-06T10:11:36.1741398+02:00|INFORMATION|Initializing SharpHound at 10:11 on 06/09/2023
2023-09-06T10:11:40.1732798+02:00|INFORMATION|[CommonLib LDAPUtils]Found usable Domain Controller for unicorn.local : DC01.unicorn.local
2023-09-06T10:11:40.3846940+02:00|INFORMATION|Loaded cache with stats: 1152 ID to type mappings.
 1176 name to SID mappings.
 0 machine sid mappings.
 2 sid to domain mappings.
 0 global catalog mappings.
2023-09-06T10:11:40.3976923+02:00|INFORMATION|Flags: Group, LocalAdmin, GPOLocalGroup, Session, LoggedOn, Trusts, ACL, Container, RDP, ObjectProps, DCOM, SPNTargets, PSRemote, UserRights
2023-09-06T10:11:40.5943943+02:00|INFORMATION|Beginning LDAP search for Sharphound.EnumerationDomain
2023-09-06T10:11:40.5954187+02:00|INFORMATION|Testing ldap connection to unicorn.local
2023-09-06T10:11:41.5370808+02:00|INFORMATION|Producer has finished, closing LDAP channel
2023-09-06T10:11:41.5411036+02:00|INFORMATION|LDAP channel closed, waiting for consumers
2023-09-06T10:12:11.4332554+02:00|INFORMATION|Status: 887 objects finished (+887 29.56667)/s -- Using 53 MB RAM
2023-09-06T10:12:22.0393154+02:00|INFORMATION|Consumers finished, closing output channel
2023-09-06T10:12:32.5592385+02:00|INFORMATION|Output channel closed, waiting for output task to complete
Closing writers
2023-09-06T10:12:32.6096577+02:00|INFORMATION|Status: 1213 objects finished (+33 23.32692)/s -- Using 56 MB RAM
2023-09-06T10:12:32.6096577+02:00|INFORMATION|Enumeration finished in 00:00:52.0203509
2023-09-06T10:12:32.7066857+02:00|INFORMATION|Saving cache with stats: 1152 ID to type mappings.
 1176 name to SID mappings.
 17 machine sid mappings.
 2 sid to domain mappings.
 8 global catalog mappings.
2023-09-06T10:12:32.7126687+02:00|INFORMATION|SharpHound Enumeration Completed at 10:12 on 06/09/2023! Happy Graphing!

Run Neo4j: docker run -d --rm -p 127.0.0.1:7474:7474 -p 127.0.0.1:7687:7687 -e NEO4J_AUTH=neo4j/xxxxx neo4j:4.4.21
Open BloodHound UI https://github.com/BloodHoundAD/BloodHound/releases/tag/v4.3.1
Drag'n'Drop Zip or click on Upload data
The popup stay stuck on 0%
In the developper tools, there is the following message:

Processing 20230906101140_computers.json with 36 entries
bundle.js:85 TypeError: Cannot read property 'Results' of undefined
    at o (bundle.js:85)
    at computers (bundle.js:85)
    at bundle.js:85
    at l (bundle.js:85)
    at Generator._invoke (bundle.js:85)
    at Generator.next (bundle.js:85)
    at mL (bundle.js:85)
    at i (bundle.js:85)
    at bundle.js:85
    at new Promise (<anonymous>)

Expected behavior
Parse the zip and all default json inside...

Screenshots

Fips · Answer 1 · Wed Sep 06 2023 19:30:40 GMT+0800 (China Standard Time)

INFO: Had the same problem, I reran SharpHound in version v1.1.1. The import worked with that ZIP in Bloodhound running version: 4.3.1.

SkiNnerxX · Answer 2 · Wed Sep 06 2023 23:38:56 GMT+0800 (China Standard Time)

Same problem for me. I can import every .json from the SharpHound .zip (Version 2.0.0 with the CollectionMethod Default) except computers.json. I am also using BloodHound version 4.3.1.

str4code · Answer 3 · Sat Sep 09 2023 23:32:54 GMT+0800 (China Standard Time)

Same Problem when using SharpHound 2.0.0, can not upload computers.json. This works for me with no issues:
neo4j 5.11.0
openjdk 17.0.8.1
SharpHound.exe 1.1.1
BloodHound 4.3.1
just in case someone having the same issue.

14mC4 · Answer 4 · Sun Sep 10 2023 04:19:09 GMT+0800 (China Standard Time)

BH 4.3.1 will not import the .zip into it. Shows how much testing actually goes into release.....
updated kali, BH, and neo4j

Reverting to just using the 1.1.1 SharpHound allows for functioning.

ABS · Answer 5 · Wed Oct 11 2023 22:51:07 GMT+0800 (China Standard Time)

Same problem with openjdk-11,neo4j-4.4.8, fix it please.

Jonas Bülow Knudsen · Answer 6 · Wed Oct 11 2023 22:57:00 GMT+0800 (China Standard Time)

Hi,

The SharpHound 2.0 version is only compatible with BloodHound CE (early access) which you can find here: https://github.com/SpecterOps/BloodHound
(When you run SharpHound 2.0 it says it works with v4.3.1 but that is not correct..)
This repo will eventually be deprecated.