From 90b60c78ac37d989fbcfb4c24f6619efd67e161a Mon Sep 17 00:00:00 2001
From: Spencer McIntyre
Date: Fri, 1 Aug 2025 17:37:29 -0400
Subject: [PATCH] Don't look up the local system SID
---
 lib/msf/core/exploit/remote/ldap/active_directory.rb | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/msf/core/exploit/remote/ldap/active_directory.rb b/lib/msf/core/exploit/remote/ldap/active_directory.rb
index f390f4b661..6db895af65 100644
--- a/lib/msf/core/exploit/remote/ldap/active_directory.rb
+++ b/lib/msf/core/exploit/remote/ldap/active_directory.rb
@@ -302,6 +302,9 @@ module Msf
 matcher.apply_ace!(ace) if security_descriptor.group_sid == test_sid
 when test_sid
 matcher.apply_ace!(ace)
+ when Rex::Proto::Secauthz::WellKnownSids::SECURITY_LOCAL_SYSTEM_SID
+ # the SECURITY_LOCAL_SYSTEM_SID won't be found if looked up in the next block and if it's not the SID we're checking for, it doesn't apply anyways so just skip it
+ next
 else
 ldap_object = adds_get_object_by_sid(ldap, ace.body.sid)
 next unless ldap_object && ldap_object[:objectClass].include?('group')
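Review bot: The new `when Rex::Proto::Secauthz::WellKnownSids::SECURITY_LOCAL_SYSTEM_SID` branch is only correct because it sits after `when test_sid`, and the added comment does not record that; if it were moved above that branch, ACEs for Local System would be dropped even when Local System is the SID being evaluated. I would shorten the comment and state the ordering, for example `# Not resolvable by the lookup in the else branch; must stay after 'when test_sid' so a check for Local System itself still matches.` Judging by the `next unless ldap_object && ...` guard in the `else` branch, a lookup that returns nothing was already skipped, so this appears to save one LDAP query per such ACE rather than change the computed result; that is an inference, since `adds_get_object_by_sid` is not shown. The enclosing `case` and loop start and end outside the hunk, so whether other well-known SIDs still fall through to the same lookup cannot be confirmed from here.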