diff --git a/package.json b/package.json
index 193ca41c3..5b78a41bd 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "bloodhound",
- "version": "2.1.1",
+ "version": "2.2.0",
"description": "Graph Theory for Active Directory",
"prettier": {
"tabWidth": 4,
diff --git a/src/components/Modals/HelpModal.jsx b/src/components/Modals/HelpModal.jsx
index 6b385875f..7bbf2a7b5 100644
--- a/src/components/Modals/HelpModal.jsx
+++ b/src/components/Modals/HelpModal.jsx
@@ -230,7 +230,9 @@ export default class HelpModal extends Component {
There is at least one MSSQL instance running on ${targetName} where the user ${sourceName} is the account configured to run the SQL Server instance. The typical configuration for MSSQL is to have the local Windows account or Active Directory domain account that is configured to run the SQL Server service (the primary database engine for SQL Server) have sysadmin privileges in the SQL Server application. As a result, the SQL Server service account can be used to log into the SQL Server instance remotely, read all of the databases (including those protected with transparent encryption), and run operating systems command through SQL Server (as the service account) using a variety of techniques.
- For Windows systems that have been joined to an Active Directory domain, the SQL Server instances and the associated service account can be identified by executing a LDAP query for a list of "MSSQLSvc" Service Principal Names (SPN) as a domain user. In short, when the Database Engine service starts, it attempts to register the SPN, and the SPN is then used to help facilitate Kerberos authentication.`;
+ For Windows systems that have been joined to an Active Directory domain, the SQL Server instances and the associated service account can be identified by executing a LDAP query for a list of "MSSQLSvc" Service Principal Names (SPN) as a domain user. In short, when the Database Engine service starts, it attempts to register the SPN, and the SPN is then used to help facilitate Kerberos authentication.
+
+ Author: Scott Sutherland`;
}
@@ -1619,7 +1621,9 @@ export default class HelpModal extends Component {
Get-SQLQuery -Verbose -Query "xp_test" -Instance sqlserver\instance
4. Remove extended stored procedure.
- Get-SQLQuery -Verbose -Query "sp_dropextendedproc 'xp_test'" -Instance sqlserver\instance`;
+ Get-SQLQuery -Verbose -Query "sp_dropextendedproc 'xp_test'" -Instance sqlserver\instance
+
+ Author: Scott Sutherland`;
}
this.setState({ abuseTabContent: { __html: formatted } });
@@ -1764,7 +1768,9 @@ export default class HelpModal extends Component {
If database audit specifications are configured on the SQL Server, event ID 33205 logs may be created in the Windows Application log when Agent and database level configuration changes are made.
A summary of the what will show up in the logs, along with the TSQL queries for viewing and configuring audit configurations can be found at
- https://github.com/NetSPI/PowerUpSQL/blob/master/templates/tsql/Audit%20Command%20Execution%20Template.sql.`;
+ https://github.com/NetSPI/PowerUpSQL/blob/master/templates/tsql/Audit%20Command%20Execution%20Template.sql.
+
+ Author: Scott Sutherland`;
}
this.setState({ opsecTabContent: { __html: formatted } });
diff --git a/src/components/SearchContainer/Tabs/ComputerNodeData.jsx b/src/components/SearchContainer/Tabs/ComputerNodeData.jsx
index 2f8337f4d..34d39b475 100644
--- a/src/components/SearchContainer/Tabs/ComputerNodeData.jsx
+++ b/src/components/SearchContainer/Tabs/ComputerNodeData.jsx
@@ -469,6 +469,17 @@ class ComputerNodeData extends Component {
distinct
/>
+ Inbound Execution Privileges
+ (m:Computer {name:{name}})'
+ }
+ start={this.state.label}
+ distinct
+ />
+
Outbound Execution Privileges
+ (n:Computer)'
+ }
+ start={this.state.label}
+ distinct
+ />
+