Sharphound 1.0.3 Missing Data #548
Comments
|
Use the -TrackComputerCalls flag to see why its not giving you any data on this machine |
|
Tested against a system and this is the output. However SharpView returns data as expected. |
|
I'm getting the same issue, with |
|
Yeah I had this issue too! |
|
So when we check if a computer is available, we do a check for port 445 being open with a short timeout. You can up that timeout with |
@rvazarkar Why is the default value 500? Wouldn't that mean 1/2 a second? If that is the case then no wonder if there are false negatives. |
|
Its 500 because in our testing, that was good enough. Bumping it to 2000 will increase enumeration time significantly on every env. |
I'm attempting to collect LocalAdmin data against a domain but I'm not getting any results. My understanding is that I should be able to collect this information from pre-2016 servers without needing local admin on the remote server. Using SharpView with Get-NetLocalGroupmember I am able to get the results as expected but looking at the JSON from SharpHound 1.0.3 I'm not sure if the collection even ran as everything says
Collected:false.{"data":[{"PrimaryGroupSID":null,"AllowedToDelegate":[],"AllowedToAct":[],"HasSIDHistory":[],"Sessions":{"Results":[],"Collected":false,"FailureReason":null},"PrivilegedSessions":{"Results":[],"Collected":false,"FailureReason":null},"RegistrySessions":{"Results":[],"Collected":false,"FailureReason":null},"LocalAdmins":{"Results":[],"Collected":false,"FailureReason":null},"RemoteDesktopUsers":{"Results":[],"Collected":false,"FailureReason":null},"DcomUsers":{"Results":[],"Collected":false,"FailureReason":null},"PSRemoteUsers":{"Results":[],"Collected":false,"FailureReason":null},"Status":null,"Aces":[]...snip...The text was updated successfully, but these errors were encountered: