diff --git a/Sharphound2/App.config b/Sharphound2/App.config
index 49cc43e..51278a4 100644
--- a/Sharphound2/App.config
+++ b/Sharphound2/App.config
@@ -1,3 +1,3 @@
-
+
-
\ No newline at end of file
+
diff --git a/Sharphound2/Enumeration/EnumerationRunner.cs b/Sharphound2/Enumeration/EnumerationRunner.cs
index b818df5..a7852f8 100644
--- a/Sharphound2/Enumeration/EnumerationRunner.cs
+++ b/Sharphound2/Enumeration/EnumerationRunner.cs
@@ -949,6 +949,14 @@ private Task StartListRunner(BlockingCollection> input, Blocking
{
timeout = true;
}
+ try
+ {
+ obj.RemoteManagementUsers = LocalGroupHelpers.GetGroupMembers(full, LocalGroupHelpers.LocalGroupRids.RemoteManagementUsers).ToArray();
+ }
+ catch (TimeoutException)
+ {
+ timeout = true;
+ }
try
{
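Review bot: The eight-line try/catch added here in StartListRunner is pasted again in the StartRunner hunk below, differing only in the entry variable (`full` versus `resolved`), and it has the same shape as the catch block visible just above it. A small private helper that takes the entry and the RID and reports a timeout would keep the two runners from drifting apart the next time a group is added. Both methods start and end outside these hunks, so the sketch assumes `timeout` is a plain bool local and that GetGroupMembers yields LocalMember items.
```csharp
// Queries one local group; flags a timeout instead of throwing.
private static LocalMember[] CollectLocalGroup(ResolvedEntry entry,
    LocalGroupHelpers.LocalGroupRids rid, ref bool timedOut)
{
    try
    {
        return LocalGroupHelpers.GetGroupMembers(entry, rid).ToArray();
    }
    catch (TimeoutException)
    {
        timedOut = true;
        return null; // assumes the property was still null before the call (confirm)
    }
}

// … unchanged: earlier group lookups in StartListRunner …
obj.RemoteManagementUsers = CollectLocalGroup(full,
    LocalGroupHelpers.LocalGroupRids.RemoteManagementUsers, ref timeout);
```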
@@ -1137,6 +1145,16 @@ private Task StartRunner(BlockingCollection> processQ
timeout = true;
}
+ try
+ {
+ obj.RemoteManagementUsers = LocalGroupHelpers.GetGroupMembers(resolved,
+ LocalGroupHelpers.LocalGroupRids.RemoteManagementUsers).ToArray();
+ }
+ catch (TimeoutException)
+ {
+ timeout = true;
+ }
+
try
{
foreach (var s in SessionHelpers.GetNetSessions(resolved, domain))
diff --git a/Sharphound2/Enumeration/LocalGroupHelpers.cs b/Sharphound2/Enumeration/LocalGroupHelpers.cs
index a6d2a8e..c575f43 100644
--- a/Sharphound2/Enumeration/LocalGroupHelpers.cs
+++ b/Sharphound2/Enumeration/LocalGroupHelpers.cs
@@ -254,6 +254,9 @@ public static IEnumerable GetGroupMembers(ResolvedEntry entry, Loca
if (rid.Equals(LocalGroupRids.DcomUsers) && !Utils.IsMethodSet(ResolvedCollectionMethod.DCOM))
yield break;
+ if (rid.Equals(LocalGroupRids.RemoteManagementUsers) && !Utils.IsMethodSet(ResolvedCollectionMethod.LocalAdmin)) //TODO add proper collection method
+ yield break;
+
Utils.Debug("Starting GetSamAdmins");
string machineSid = null;
Utils.Debug("Starting Task");
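Review bot: The new guard ties Remote Management Users collection to `ResolvedCollectionMethod.LocalAdmin`, so the group is queried whenever local-admin collection is selected and cannot be enabled or disabled by itself, unlike the DCOM check directly above, which has its own flag. The inline TODO acknowledges this, but a run scoped to local admins now silently queries a second group on every host, so a dedicated ResolvedCollectionMethod member belongs in this commit rather than a follow-up. If the flag has to wait, the comment should state the consequence, e.g. `// TODO: gated on LocalAdmin until a dedicated collection method exists; LocalAdmin-only runs also query RID 580`. GetGroupMembers starts and continues outside the hunk, so how the flag is parsed cannot be checked from here.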
@@ -782,6 +785,11 @@ public static IEnumerable GetGpoMembers(SearchResultEntry entry, stri
Type = x.Type
}).ToArray(),
DcomUsers = resolvedList.Where((x) => x.RID == 562).Select((x) => new LocalMember
+ {
+ Name = x.Name,
+ Type = x.Type
+ }).ToArray(),
+ RemoteManagementUsers = resolvedList.Where((x) => x.RID == 580).Select((x) => new LocalMember
{
Name = x.Name,
Type = x.Type
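Review bot: The new `RemoteManagementUsers` initializer filters on the literal `580` although this commit adds `LocalGroupRids.RemoteManagementUsers = 580` to the enum further down in the same file, so the RID is now defined in two places. Assuming `x.RID` is an int, the filter would read better as `x.RID == (int)LocalGroupRids.RemoteManagementUsers`, and the neighbouring `562` comparison could follow suit. The `new LocalMember { Name = x.Name, Type = x.Type }` projection is also repeated once per group and would be a candidate for a small local function. The object initializer begins and ends outside the hunk.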
@@ -848,7 +856,8 @@ internal enum LocalGroupRids
{
Administrators = 544,
RemoteDesktopUsers = 555,
- DcomUsers = 562
+ DcomUsers = 562,
+ RemoteManagementUsers = 580
}
#region LSA Imports
diff --git a/Sharphound2/JsonObjects/Computer.cs b/Sharphound2/JsonObjects/Computer.cs
index 0e18173..c47b031 100644
--- a/Sharphound2/JsonObjects/Computer.cs
+++ b/Sharphound2/JsonObjects/Computer.cs
@@ -17,6 +17,7 @@ public string Name
public LocalMember[] LocalAdmins { get; set; }
public LocalMember[] RemoteDesktopUsers { get; set; }
public LocalMember[] DcomUsers { get; set; }
+ public LocalMember[] RemoteManagementUsers { get; set; }
public string[] AllowedToDelegate { get; set; }
public LocalMember[] AllowedToAct { get; set; }
public ACL[] Aces { get; set; }
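Review bot: The new `RemoteManagementUsers` property on Computer (and the matching one added to GpoMember) has no doc comment, and the values it can hold are not obvious from the type. Judging from the other hunks in this commit, it is an empty array both when the group has no members and when collection was skipped by the guard in GetGroupMembers, and it is left unassigned when the lookup throws TimeoutException. A consumer of the JSON therefore cannot tell "no members" from "not collected". I would add `/// <summary>Members of the local Remote Management Users group (RID 580). Empty when the group is empty or collection was skipped; unassigned if the lookup timed out.</summary>` and confirm how an unassigned array is serialized.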
diff --git a/Sharphound2/JsonObjects/GpoMember.cs b/Sharphound2/JsonObjects/GpoMember.cs
index 64ac51c..b281f2f 100644
--- a/Sharphound2/JsonObjects/GpoMember.cs
+++ b/Sharphound2/JsonObjects/GpoMember.cs
@@ -6,5 +6,6 @@ internal class GpoMember : JsonBase
public LocalMember[] RemoteDesktopUsers { get; set; }
public LocalMember[] LocalAdmins { get; set; }
public LocalMember[] DcomUsers { get; set; }
+ public LocalMember[] RemoteManagementUsers { get; set; }
}
}
diff --git a/Sharphound2/Sharphound2.csproj b/Sharphound2/Sharphound2.csproj
index 677c7bb..bb254fa 100644
--- a/Sharphound2/Sharphound2.csproj
+++ b/Sharphound2/Sharphound2.csproj
@@ -8,10 +8,11 @@
Exe
Sharphound2
SharpHound
- v3.5
+ v4.5
512
+
AnyCPU
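Review bot: The change from `v3.5` to `v4.5` looks like a TargetFrameworkVersion bump (the XML tags are missing from this view), and it is unrelated to the Remote Management Users feature that the rest of the commit adds. Retargeting changes which hosts the binary can run on and is probably what the App.config edit in this commit accompanies, so it deserves its own commit with the reason stated. The `false` values added in the two configuration hunks below and the removal of `favicon.ico` are likewise build-setting changes that nothing else in this diff explains.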
@@ -22,6 +23,7 @@
DEBUG;TRACE
prompt
4
+ false
AnyCPU
@@ -31,9 +33,11 @@
TRACE
prompt
4
+ false
- favicon.ico
+
+