BloodHoundAD · RiccardoAncarani · Aug 11, 2019
diff --git a/Sharphound2/App.config b/Sharphound2/App.config
@@ -1,3 +1,3 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
-</configuration>
+<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/></startup></configuration>
diff --git a/Sharphound2/Enumeration/EnumerationRunner.cs b/Sharphound2/Enumeration/EnumerationRunner.cs
@@ -949,6 +949,14 @@ private Task StartListRunner(BlockingCollection<Wrapper<string>> input, Blocking
                     {
                         timeout = true;
                     }
+                    try
+                    {
+                        obj.RemoteManagementUsers = LocalGroupHelpers.GetGroupMembers(full, LocalGroupHelpers.LocalGroupRids.RemoteManagementUsers).ToArray();
+                    }
+                    catch (TimeoutException)
+                    {
+                        timeout = true;
+                    }
 
                     try
                     {
@@ -1137,6 +1145,16 @@ private Task StartRunner(BlockingCollection<Wrapper<SearchResultEntry>> processQ
                                 timeout = true;
                             }
 
+                            try
+                            {
+                                obj.RemoteManagementUsers = LocalGroupHelpers.GetGroupMembers(resolved,
+                                    LocalGroupHelpers.LocalGroupRids.RemoteManagementUsers).ToArray();
+                            }
+                            catch (TimeoutException)
+                            {
+                                timeout = true;
+                            }
+
                             try
                             {
                                 foreach (var s in SessionHelpers.GetNetSessions(resolved, domain))

diff --git a/Sharphound2/Enumeration/LocalGroupHelpers.cs b/Sharphound2/Enumeration/LocalGroupHelpers.cs
@@ -254,6 +254,9 @@ public static IEnumerable<LocalMember> GetGroupMembers(ResolvedEntry entry, Loca
             if (rid.Equals(LocalGroupRids.DcomUsers) && !Utils.IsMethodSet(ResolvedCollectionMethod.DCOM))
                 yield break;
 
+            if (rid.Equals(LocalGroupRids.RemoteManagementUsers) && !Utils.IsMethodSet(ResolvedCollectionMethod.LocalAdmin)) //TODO add proper collection method
+                yield break;
+
             Utils.Debug("Starting GetSamAdmins");
             string machineSid = null;
             Utils.Debug("Starting Task");
@@ -782,6 +785,11 @@ public static IEnumerable<GpoMember> GetGpoMembers(SearchResultEntry entry, stri
                         Type = x.Type
                     }).ToArray(),
                     DcomUsers = resolvedList.Where((x) => x.RID == 562).Select((x) => new LocalMember
+                    {
+                        Name = x.Name,
+                        Type = x.Type
+                    }).ToArray(),
+                    RemoteManagementUsers = resolvedList.Where((x) => x.RID == 580).Select((x) => new LocalMember
                     {
                         Name = x.Name,
                         Type = x.Type
@@ -848,7 +856,8 @@ internal enum LocalGroupRids
         {
             Administrators = 544,
             RemoteDesktopUsers = 555,
-            DcomUsers = 562
+            DcomUsers = 562,
+            RemoteManagementUsers = 580
         }
 
         #region LSA Imports

diff --git a/Sharphound2/JsonObjects/Computer.cs b/Sharphound2/JsonObjects/Computer.cs
@@ -17,6 +17,7 @@ public string Name
         public LocalMember[] LocalAdmins { get; set; }
         public LocalMember[] RemoteDesktopUsers { get; set; }
         public LocalMember[] DcomUsers { get; set; }
+        public LocalMember[] RemoteManagementUsers { get; set; }
         public string[] AllowedToDelegate { get; set; }
         public LocalMember[] AllowedToAct { get; set; }
         public ACL[] Aces { get; set; }

diff --git a/Sharphound2/JsonObjects/GpoMember.cs b/Sharphound2/JsonObjects/GpoMember.cs
@@ -6,5 +6,6 @@ internal class GpoMember : JsonBase
         public LocalMember[] RemoteDesktopUsers { get; set; }
         public LocalMember[] LocalAdmins { get; set; }
         public LocalMember[] DcomUsers { get; set; }
+        public LocalMember[] RemoteManagementUsers { get; set; }
     }
 }
diff --git a/Sharphound2/Sharphound2.csproj b/Sharphound2/Sharphound2.csproj
@@ -8,10 +8,11 @@
     <OutputType>Exe</OutputType>
     <RootNamespace>Sharphound2</RootNamespace>
     <AssemblyName>SharpHound</AssemblyName>
-    <TargetFrameworkVersion>v3.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <NuGetPackageImportStamp>
     </NuGetPackageImportStamp>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
@@ -22,6 +23,7 @@
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
@@ -31,9 +33,11 @@
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup>
-    <ApplicationIcon>favicon.ico</ApplicationIcon>
+    <ApplicationIcon>
+    </ApplicationIcon>
   </PropertyGroup>
   <ItemGroup>
     <Reference Include="CommandLine, Version=1.9.71.2, Culture=neutral, PublicKeyToken=de6f01bd326f8c32, processorArchitecture=MSIL">