Comments (5)
Thanks for the problem report. I haven't had anywhere to run it with forests yet, but I'd be very interested in supporting it.
I have prepared it for doing multiple dumps and then merging everything together during the analysis phase, which would probably be the way to do it.
Much of this tool has been done on assumptions, and in your scenario obviously they were wrong ;-)
I wasn't aware that the German version had localized names for the built-in groups. I have some work going on supporting the localized group names for member computers (Administrators etc.) but I need a good source for it.
Feel free to reach out via Twitter or other means if you want to collaborate on getting this to work.
from adalanche.
I've used the following PowerShell snippet to translate most of the SIDs:
$GroupNames | %{$_."German Name" = [System.Security.Principal.SecurityIdentifier]::new($_.SID).Translate([System.Security.Principal.NTAccount]).Value}
I've taken the names from https://github.com/lkarlslund/adalanche/blob/master/modules/windowssecurity/wellknown.go
Most of the names missing translation are names which can't be translated into a System.Security.Principal.NTAccount, like for example mandatory levels.
I'm not sure those have a German translation since the German documentation on these on docs.microsoft.com is a machine translated site itself -.-'
I hope this will help a bit.
translated SID json
[
{
"SID": "S-1-0",
"English Name": "Null Authority",
"German Name": ""
},
{
"SID": "S-1-0-0",
"English Name": "Nobody",
"German Name": "NULL SID"
},
{
"SID": "S-1-1",
"English Name": "World Authority",
"German Name": ""
},
{
"SID": "S-1-1-0",
"English Name": "Everyone",
"German Name": "Jeder"
},
{
"SID": "S-1-16-0",
"English Name": "Untrusted Mandatory Level",
"German Name": ""
},
{
"SID": "S-1-16-12288",
"English Name": "High Mandatory Level",
"German Name": ""
},
{
"SID": "S-1-16-16384",
"English Name": "System Mandatory Level",
"German Name": ""
},
{
"SID": "S-1-16-20480",
"English Name": "Protected Process Mandatory Level",
"German Name": ""
},
{
"SID": "S-1-16-28672",
"English Name": "Secure Process Mandatory Level",
"German Name": ""
},
{
"SID": "S-1-16-4096",
"English Name": "Low Mandatory Level",
"German Name": ""
},
{
"SID": "S-1-16-8192",
"English Name": "Medium Mandatory Level",
"German Name": ""
},
{
"SID": "S-1-16-8448",
"English Name": "Medium Plus Mandatory Level",
"German Name": ""
},
{
"SID": "S-1-2",
"English Name": "Local Authority",
"German Name": ""
},
{
"SID": "S-1-2-0",
"English Name": "Local",
"German Name": "LOKAL"
},
{
"SID": "S-1-3",
"English Name": "Creator Authority",
"German Name": ""
},
{
"SID": "S-1-3-0",
"English Name": "Creator Owner",
"German Name": "ERSTELLER-BESITZER"
},
{
"SID": "S-1-3-1",
"English Name": "Creator Group",
"German Name": "ERSTELLERGRUPPE"
},
{
"SID": "S-1-3-2",
"English Name": "Creator Owner Server",
"German Name": "ERSTELLER-BESITZER-SERVER"
},
{
"SID": "S-1-3-3",
"English Name": "Creator Group Server",
"German Name": "ERSTELLER-GRUPPEN-SERVER"
},
{
"SID": "S-1-3-4",
"English Name": "Owner Rights",
"German Name": "EIGENTÜMERRECHTE"
},
{
"SID": "S-1-4",
"English Name": "Non-unique Authority",
"German Name": ""
},
{
"SID": "S-1-5",
"English Name": "NT Authority",
"German Name": ""
},
{
"SID": "S-1-5-1",
"English Name": "Dialup",
"German Name": "NT-AUTORITÄT\\DIALUP"
},
{
"SID": "S-1-5-10",
"English Name": "Principal Self",
"German Name": "NT-AUTORITÄT\\SELBST"
},
{
"SID": "S-1-5-11",
"English Name": "Authenticated Users",
"German Name": "NT-AUTORITÄT\\Authentifizierte Benutzer"
},
{
"SID": "S-1-5-12",
"English Name": "Restricted Code",
"German Name": "NT-AUTORITÄT\\EINGESCHRÄNKTER ZUGRIFF"
},
{
"SID": "S-1-5-13",
"English Name": "Terminal Server Users",
"German Name": "NT-AUTORITÄT\\TERMINALSERVERBENUTZER"
},
{
"SID": "S-1-5-14",
"English Name": "Remote Interactive Logon",
"German Name": "NT-AUTORITÄT\\INTERAKTIVE REMOTEANMELDUNG"
},
{
"SID": "S-1-5-15",
"English Name": "This Organization",
"German Name": "NT-AUTORITÄT\\Diese Organisation"
},
{
"SID": "S-1-5-17",
"English Name": "This Organization",
"German Name": "NT-AUTORITÄT\\IUSR"
},
{
"SID": "S-1-5-18",
"English Name": "Local System",
"German Name": "NT-AUTORITÄT\\SYSTEM"
},
{
"SID": "S-1-5-19",
"English Name": "NT Authority",
"German Name": "NT-AUTORITÄT\\Lokaler Dienst"
},
{
"SID": "S-1-5-2",
"English Name": "Network",
"German Name": "NT-AUTORITÄT\\NETZWERK"
},
{
"SID": "S-1-5-20",
"English Name": "NT Authority",
"German Name": "NT-AUTORITÄT\\Netzwerkdienst"
},
{
"SID": "S-1-5-3",
"English Name": "Batch",
"German Name": "NT-AUTORITÄT\\BATCH"
},
{
"SID": "S-1-5-32-544",
"English Name": "Administrators",
"German Name": "VORDEFINIERT\\Administratoren"
},
{
"SID": "S-1-5-32-545",
"English Name": "Users",
"German Name": "VORDEFINIERT\\Benutzer"
},
{
"SID": "S-1-5-32-546",
"English Name": "Guests",
"German Name": "VORDEFINIERT\\Gäste"
},
{
"SID": "S-1-5-32-547",
"English Name": "Power Users",
"German Name": "VORDEFINIERT\\Hauptbenutzer"
},
{
"SID": "S-1-5-32-548",
"English Name": "Account Operators",
"German Name": "VORDEFINIERT\\Konten-Operatoren"
},
{
"SID": "S-1-5-32-549",
"English Name": "Server Operators",
"German Name": "VORDEFINIERT\\Server-Operatoren"
},
{
"SID": "S-1-5-32-550",
"English Name": "Print Operators",
"German Name": "VORDEFINIERT\\Druck-Operatoren"
},
{
"SID": "S-1-5-32-551",
"English Name": "Backup Operators",
"German Name": "VORDEFINIERT\\Sicherungs-Operatoren"
},
{
"SID": "S-1-5-32-552",
"English Name": "Replicators",
"German Name": "VORDEFINIERT\\Replikations-Operator"
},
{
"SID": "S-1-5-32-554",
"English Name": "Builtin - Pre-Windows 2000 Compatible Access",
"German Name": "VORDEFINIERT\\Prä-Windows 2000 kompatibler Zugriff"
},
{
"SID": "S-1-5-32-555",
"English Name": "Builtin - Remote Desktop Users",
"German Name": "VORDEFINIERT\\Remotedesktopbenutzer"
},
{
"SID": "S-1-5-32-556",
"English Name": "Builtin - Network Configuration Operators",
"German Name": "VORDEFINIERT\\Netzwerkkonfigurations-Operatoren"
},
{
"SID": "S-1-5-32-557",
"English Name": "Builtin - Incoming Forest Trust Builders",
"German Name": "VORDEFINIERT\\Erstellungen eingehender Gesamtstrukturvertrauensstellung"
},
{
"SID": "S-1-5-32-558",
"English Name": "Builtin - Performance Monitor Users",
"German Name": "VORDEFINIERT\\Leistungsüberwachungsbenutzer"
},
{
"SID": "S-1-5-32-559",
"English Name": "Builtin - Performance Log Users",
"German Name": "VORDEFINIERT\\Leistungsprotokollbenutzer"
},
{
"SID": "S-1-5-32-560",
"English Name": "Builtin - Windows Authorization Access Group",
"German Name": "VORDEFINIERT\\Windows-Autorisierungszugriffsgruppe"
},
{
"SID": "S-1-5-32-561",
"English Name": "Builtin - Terminal Server License Servers",
"German Name": "VORDEFINIERT\\Terminalserver-Lizenzserver"
},
{
"SID": "S-1-5-32-562",
"English Name": "Builtin - Distributed COM Users",
"German Name": "VORDEFINIERT\\Distributed COM-Benutzer"
},
{
"SID": "S-1-5-32-569",
"English Name": "Builtin - Cryptographic Operators",
"German Name": "VORDEFINIERT\\Kryptografie-Operatoren"
},
{
"SID": "S-1-5-32-573",
"English Name": "Builtin - Event Log Readers",
"German Name": "VORDEFINIERT\\Ereignisprotokollleser"
},
{
"SID": "S-1-5-32-574",
"English Name": "Builtin - Certificate Service DCOM Access",
"German Name": "VORDEFINIERT\\Zertifikatdienst-DCOM-Zugriff"
},
{
"SID": "S-1-5-32-575",
"English Name": "Builtin - RDS Remote Access Servers",
"German Name": "VORDEFINIERT\\RDS-Remotezugriffsserver"
},
{
"SID": "S-1-5-32-576",
"English Name": "Builtin - RDS Endpoint Servers",
"German Name": "VORDEFINIERT\\RDS-Endpunktserver"
},
{
"SID": "S-1-5-32-577",
"English Name": "Builtin - RDS Management Servers",
"German Name": "VORDEFINIERT\\RDS-Verwaltungsserver"
},
{
"SID": "S-1-5-32-578",
"English Name": "Builtin - Hyper-V Administrators",
"German Name": "VORDEFINIERT\\Hyper-V-Administratoren"
},
{
"SID": "S-1-5-32-579",
"English Name": "Builtin - Access Control Assistance Operators",
"German Name": "VORDEFINIERT\\Zugriffssteuerungs-Unterstützungsoperatoren"
},
{
"SID": "S-1-5-32-580",
"English Name": "Builtin - Remote Management Users",
"German Name": "VORDEFINIERT\\Remoteverwaltungsbenutzer"
},
{
"SID": "S-1-5-32-582",
"English Name": "Storage Replica Administrators",
"German Name": ""
},
{
"SID": "S-1-5-4",
"English Name": "Interactive",
"German Name": "NT-AUTORITÄT\\INTERAKTIV"
},
{
"SID": "S-1-5-6",
"English Name": "Service",
"German Name": "NT-AUTORITÄT\\DIENST"
},
{
"SID": "S-1-5-64-10",
"English Name": "NTLM Authentication",
"German Name": "NT-AUTORITÄT\\NTLM-Authentifizierung"
},
{
"SID": "S-1-5-64-14",
"English Name": "SChannel Authentication",
"German Name": "NT-AUTORITÄT\\SChannel-Authentifizierung"
},
{
"SID": "S-1-5-64-21",
"English Name": "Digest Authentication",
"German Name": "NT-AUTORITÄT\\Digestauthentifizierung"
},
{
"SID": "S-1-5-7",
"English Name": "Anonymous",
"German Name": "NT-AUTORITÄT\\ANONYMOUS-ANMELDUNG"
},
{
"SID": "S-1-5-8",
"English Name": "Proxy",
"German Name": "NT-AUTORITÄT\\PROXY"
},
{
"SID": "S-1-5-80",
"English Name": "NT Service",
"German Name": ""
},
{
"SID": "S-1-5-80-0",
"English Name": "All Services",
"German Name": "NT SERVICE\\ALL SERVICES"
},
{
"SID": "S-1-5-83-0",
"English Name": "NT Virtual Machine - Virtual Machines",
"German Name": "NT VIRTUAL MACHINE\\Virtual Machines"
},
{
"SID": "S-1-5-9",
"English Name": "Enterprise Domain Controllers",
"German Name": "NT-AUTORITÄT\\DOMÄNENCONTROLLER DER ORGANISATION"
},
{
"SID": "S-1-5-90-0",
"English Name": "Windows Manager - Windows Manager Group",
"German Name": "Window Manager\\Window Manager Group"
}
]
from adalanche.
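An added example, not part of the original comments or of the adalanche code base: the same SID-to-name translation as the one-liner in the comment above, with SIDs that have no NTAccount mapping handled explicitly so they end up as empty strings, as in the JSON. The sample `$GroupNames` input, the function name `Resolve-LocalizedSidName` and the `Localized Name` property are assumptions made for illustration.

```powershell
# Constructed sample input: a few SID / English name pairs in the shape used above.
$GroupNames = @(
    [pscustomobject]@{ SID = 'S-1-1-0';      'English Name' = 'Everyone' }
    [pscustomobject]@{ SID = 'S-1-5-32-544'; 'English Name' = 'Administrators' }
    [pscustomobject]@{ SID = 'S-1-5';        'English Name' = 'NT Authority' }
    [pscustomobject]@{ SID = 'not-a-sid';    'English Name' = 'Malformed entry' }
)

# Hypothetical helper: resolves each SID to the account name used by the local
# Windows installation (localized on non-English systems).
function Resolve-LocalizedSidName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Entry
    )
    process {
        $localized = ''
        try {
            $sid = [System.Security.Principal.SecurityIdentifier]::new($Entry.SID)
            $localized = $sid.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # This machine has no account name for the SID; keep the empty string.
            Write-Verbose "No NTAccount mapping for $($Entry.SID)"
        }
        catch [System.ArgumentException] {
            # The string could not be parsed as a SID at all.
            Write-Warning "Not a valid SID string: $($Entry.SID)"
        }

        # Emit a new object instead of mutating the input entry.
        [pscustomobject]@{
            SID              = $Entry.SID
            'English Name'   = $Entry.'English Name'
            'Localized Name' = $localized
        }
    }
}

$GroupNames | Resolve-LocalizedSidName | ConvertTo-Json
```

Running it with `-Verbose` lists the SIDs that could not be mapped, which separates entries that are untranslatable from entries that were mistyped.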
Additional info:
WRN Problem dumping forest DNS zones (maybe it doesn't exist): Failed to execute search request: LDAP Result Code 32 "No Such Object": 0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:
Problem dumping domain DNS zones (maybe it doesn't exist): Failed to execute search request: LDAP Result Code 32 "No Such Object": 0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:
from adalanche.
Thank you, I am not able to write you a DM on Twitter - my account @r41z0r1
from adalanche.
It seems to work as expected after a very short test.
For the child domain you will probably need some of "--dns false", "--schema false" etc. options when doing the domain dump with "adalanche collect activedirectory" to prevent errors from stopping the collection.
from adalanche.