Tested prior SharpHound collection file upload followed by newer vers…

…ion file upload
SpecterOps · Dec 2, 2024 · 0ad719d · 0ad719d
1 parent 6f5ce5b
commit 0ad719d
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 4 deletions.
diff --git a/packages/cue/bh/ad/ad.cue b/packages/cue/bh/ad/ad.cue
@@ -763,6 +763,13 @@ DoesAnyInheritedAceGrantOwnerRights: types.#StringEnum & {
  	representation: "doesanyinheritedacegrantownerrights"
 }
 
+OwnerSid: types.#StringEnum & {
+	symbol: "OwnerSid"
+ 	schema: "ad"
+ 	name: "Owner SID"
+ 	representation: "ownersid"
+}
+
 Properties: [
 	AdminCount,
 	CASecurityCollected,
@@ -868,7 +875,8 @@ Properties: [
 	GMSA,
 	MSA,
 	DoesAnyAceGrantOwnerRights,
-	DoesAnyInheritedAceGrantOwnerRights
+	DoesAnyInheritedAceGrantOwnerRights,
+	OwnerSid
 ]
 
 // Kinds
@@ -1458,6 +1466,8 @@ ACLRelationships: [
 	WritePKINameFlag,
 	WriteOwnerLimitedRights,
 	OwnsLimitedRights,
+	OwnsRaw,
+	WriteOwnerRaw
 ]
 
 // Edges that are used in pathfinding

diff --git a/packages/go/ein/ad.go b/packages/go/ein/ad.go
@@ -61,7 +61,7 @@ func convertOwnsEdgeToProperty(item IngestBase, itemProps map[string]any) {
 		if rightName, err := analysis.ParseKind(ace.RightName); err != nil {
 			continue
 		} else if rightName.Is(ad.Owns) || rightName.Is(ad.OwnsRaw) {
-			itemProps[common.OwnerObjectID.String()] = ace.PrincipalSID
+			itemProps[ad.OwnerSid.String()] = ace.PrincipalSID
 			return
 		}
 	}

diff --git a/packages/go/graphschema/ad/ad.go b/packages/go/graphschema/ad/ad.go
diff --git a/packages/javascript/bh-shared-ui/src/graphSchema.ts b/packages/javascript/bh-shared-ui/src/graphSchema.ts
@@ -420,6 +420,7 @@ export enum ActiveDirectoryKindProperties {
     MSA = 'msa',
     DoesAnyAceGrantOwnerRights = 'doesanyacegrantownerrights',
     DoesAnyInheritedAceGrantOwnerRights = 'doesanyinheritedacegrantownerrights',
+    OwnerSid = 'ownersid',
 }
 export function ActiveDirectoryKindPropertiesToDisplay(value: ActiveDirectoryKindProperties): string | undefined {
     switch (value) {
@@ -633,6 +634,8 @@ export function ActiveDirectoryKindPropertiesToDisplay(value: ActiveDirectoryKin
             return 'Does Any ACE Grant Owner Rights';
         case ActiveDirectoryKindProperties.DoesAnyInheritedAceGrantOwnerRights:
             return 'Does Any Inherited ACE Grant Owner Rights';
+        case ActiveDirectoryKindProperties.OwnerSid:
+            return 'Owner SID';
         default:
             return undefined;
     }