Merge pull request #20445 from zeroSteiner/feat/lib/ldap-adds/2

Don't look up the local system SID
2025-08-12 07:59:10 -07:00
parent e1407833c2 90b60c78ac
commit 4200f51fdf
1 changed files with 3 additions and 0 deletions
@@ -302,6 +302,9 @@ module Msf
            matcher.apply_ace!(ace) if security_descriptor.group_sid == test_sid
          when test_sid
            matcher.apply_ace!(ace)
+          when Rex::Proto::Secauthz::WellKnownSids::SECURITY_LOCAL_SYSTEM_SID
+            # the SECURITY_LOCAL_SYSTEM_SID won't be found if looked up in the next block and if it's not the SID we're checking for, it doesn't apply anyways so just skip it
+            next
          else
            ldap_object = adds_get_object_by_sid(ldap, ace.body.sid)
            next unless ldap_object && ldap_object[:objectClass].include?('group')