No ACL input available error #7
Comments
|
Run into similar issue just now. I tried different sharphound.exe. Not how to fix it... |
|
it turns out that line 1436 trying to check if sharphound.exe is running but didn't work. So if one remove the ".exe" from "ShardHound.exe" from line 1436. That will stop the program exit prematurely. ps: btw. I am running windows 10. So this might be working on win7(didn't test.. just guessing). |
|
I haven't been able to retrieve the ACLs from SharpHound even after removing the exe from line 1436. The machine I'm running it on doesn't produce any output when running the exe anyway but does map the domain when running the ps1 script. |
|
I have ran at the same issue, the comment by @stock99 didn't fix it: |
|
Same Issue as @stock99 but his fix didn't change anything for me. Latest Win 10 version. |
|
@gioulisapo have u found a way to fix it, bud ? |
|
Faced with same issue. |
|
Has anyone found a fix for this issue? Seems the developer does not respond. |
|
Fixed the issues that were causing that error. I tried this against HTB: Forest and it worked. Might not work in production environments though. All credit to fox-it. All I did was do some cleaning up on this specific error. |
|
Fix didn't work for me, but identified the issue (at least on my system) : The sharphound command uses the --NoSaveCache option, which throws an error when running the sharphound command directly (v1.0.3). Removing the --NoSaveCache option on line 1413 solved the issue for me ! |
Nice catch. Removed that from my fork. Hopefully that fixes it for you. |
|
I'm on the same HTB challenge and this seemed to work! :D |
|
To solve this, you have to download and use the older sharphound (v2) ingestor. It requires .NET 3.5 though. I learned this from the code (lines 1387-1405) below, you can see it's checking if sharphound is version 2 or not based on the help output. function Is-NewSharphoundVersion([string]$sharphoundLocation){
$result = $false
# Dirty hack to get sharphound version :(
$tmpPath = [system.IO.Path]::GetTempPath()
Start-process -wait -WindowStyle Hidden -filePath $sharphoundLocation -ArgumentList "-h" -RedirectStandardError "$tmpPath\out2.txt"
$sharpHoundHelp = Get-Content "$tmpPath\out2.txt"
$sharphoundVersion = ($sharpHoundHelp -split '`r`n')[0]
Write-Status "Running $($sharphoundVersion)..."
if ($sharphoundVersion.ToLower().Contains("sharphound v2")){
$result = $true
}
Remove-Item "$tmpPath\out2.txt"
return $result
}later on (1412-1418) if it doesn't find the version to be 2, it still uses parameters that don't exist in the latest version: if ($isNewVersion){
$fileName = "{0}.zip" -f [datetime]::Now.ToFileTime()
$arg = "$($global:ldapConnInfo.domain) -c acl --ZipFileName $($fileName) --NoSaveCache"
} else {
$fileName = "{0}" -f [datetime]::Now.ToFileTime()
$arg = "-d $($global:ldapConnInfo.domain) -c acl --CSVPrefix $($fileName) --NoSaveCache"
}so, once you use the v2 binary, it works normally: |
I am receiving the following error below.
Not sure if its related but I am running it from a non-domain member system.
I specified the domain, username and password and it successfully bound to AD.
....
[] Getting schema classes...
[] Found 4729 schema classes
[] Getting extended rights from schema...
[] Found 142 extended rights
[*] Running SharpHound v2.0.0...
Get-SharpHoundACL : [Get-SharpHoundACL] No ACL input available.
At \github\Invoke-ACLPwn\Invoke-ACLPwn.ps1:1724 char:17
The text was updated successfully, but these errors were encountered: