rusthound 1.1.69

Active Directory data collector for Bloodhound written in rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

use ldap3::SearchEntry;
use std::collections::HashMap;
//use log::trace;

/// Enum to get ldap object type.
pub enum Type {
    User,
    Computer,
    Group,
    Ou,
    Domain,
    Gpo,
    ForeignSecurityPrincipal,
    Container,
    Trust,
    AdcsAuthority,
    AdcsTemplate,
    Unknown
}

/// Get object type, like ("user","group","computer","ou", "container", "gpo", "domain" "trust").
pub fn get_type(result: SearchEntry) -> std::result::Result<Type, Type>
{
    let result_attrs: HashMap<String, Vec<String>>;
    result_attrs = result.attrs;

    //trace!("{:?}",&result_attrs);

    // For all entries I checked if is an user,group,computer,ou,domain
    for (key, value) in &result_attrs 
    {
        // Type is user
        if key == "objectClass" && value.contains(&String::from("person")) && value.contains(&String::from("user")) && !value.contains(&String::from("computer")) && !value.contains(&String::from("group"))
        {
            return Ok(Type::User)
        }
        // Type is user if is service-account
        if key == "objectClass" && value.contains(&String::from("msDS-GroupManagedServiceAccount"))
        {
            return Ok(Type::User)
        }
        // Type is group
        if key == "objectClass" && value.contains(&String::from("group"))
        {
            return Ok(Type::Group)
        }
        // Type is computer
        if key == "objectClass" && value.contains(&String::from("computer"))
        {
            return Ok(Type::Computer)
        }
        // Type is ou
        if key == "objectClass" && value.contains(&String::from("organizationalUnit"))
        {
            return Ok(Type::Ou)
        }
        // Type is domain
        if key == "objectClass" && value.contains(&String::from("domain"))
        {
            return Ok(Type::Domain)     
        }
        // Type is Gpo
        if key == "objectClass" && value.contains(&String::from("groupPolicyContainer"))
        {
            return Ok(Type::Gpo)
        }
        // Type is foreignSecurityPrincipal
        if key == "objectClass" && value.contains(&String::from("top")) && value.contains(&String::from("foreignSecurityPrincipal"))
        {
            return Ok(Type::ForeignSecurityPrincipal)
        }
        // Type is Container
        if key == "objectClass" && (value.contains(&String::from("top")) && value.contains(&String::from("container"))) && !value.contains(&String::from("groupPolicyContainer"))
        {
            return Ok(Type::Container)
        }
        // Type is Trust domain
        if key == "objectClass" && value.contains(&String::from("trustedDomain"))
        {
            return Ok(Type::Trust)
        }
        // Type is ADCS Certificate Authority
        if key == "objectClass" && value.contains(&String::from("pKIEnrollmentService"))
        {
            return Ok(Type::AdcsAuthority)
        }
        // Type is ADCS Certificate Template
        if key == "objectClass" && value.contains(&String::from("pKICertificateTemplate"))
        {
            return Ok(Type::AdcsTemplate)
        }
    }
    return Err(Type::Unknown)
}