IndexOutOfRangeException when AD object has a property with an empty value #205

@Iorpim

When for whatever reason an AD object has an empty property, Rubeus crashes with the following exception:

PS C:\Users\Iorpim\Downloads\Rubeus> .\rubeus.exe golden /rc4:***************************** /ldap /user:******** /sid:*********** /domain:************ /printcmd /dc:10.0.0.1

   ______        _
  (_____ \      | |
   _____) )_   _| |__  _____ _   _  ___
  |  __  /| | | |  _ \| ___ | | | |/___)
  | |  \ \| |_| | |_) ) ____| |_| |___ |
  |_|   |_|____/|____/|_____)____/(___/

  v2.3.3

[*] Action: Build TGT

[*] Trying to query LDAP using LDAPS for user information on domain controller 10.0.0.1
[*] Searching path 'DC=****,DC=****,DC=***' for '(samaccountname=**********)'
[*] Retrieving group and domain policy information over LDAP from domain controller 10.0.0.1
[*] Searching path 'DC=****,DC=****,DC=***' for '****query****'

[!] Unhandled Rubeus exception:

System.IndexOutOfRangeException: Index was outside the bounds of the array.
   at Rubeus.Helpers.GetADObjects(List`1 searchResults)
   at Rubeus.Networking.GetLdapQuery(NetworkCredential cred, String OUName, String domainController, String domain, String filter, Boolean ldaps)
   at Rubeus.ForgeTickets.ForgeTicket(String user, String sname, Byte[] serviceKey, KERB_ETYPE etype, Byte[] krbKey, KERB_CHECKSUM_ALGORITHM krbeType, Boolean ldap, String ldapuser, String ldappassword, String sid, String domain, String netbiosName, String domainController, TicketFlags flags, Nullable`1 startTime, Nullable`1 rangeEnd, String rangeInterval, Nullable`1 authTime, String endTime, String renewTill, Nullable`1 id, String groups, String sids, String displayName, Nullable`1 logonCount, Nullable`1 badPwdCount, Nullable`1 lastLogon, Nullable`1 logoffTime, Nullable`1 pwdLastSet, Nullable`1 maxPassAge, Nullable`1 minPassAge, Nullable`1 pGid, String homeDir, String homeDrive, String profilePath, String scriptPath, String resourceGroupSid, List`1 resourceGroups, PacUserAccountControl uac, Boolean newPac, Boolean extendedUpnDns, String outfile, Boolean ptt, Boolean printcmd, String cName, String cRealm, String s4uProxyTarget, String s4uTransitedServices, Boolean includeAuthData, Boolean noFullPacSig, Int32 rodcNumber)
   at Rubeus.Commands.Golden.Execute(Dictionary`2 arguments)
   at Rubeus.Domain.CommandCollection.ExecuteCommand(String commandName, Dictionary`2 arguments)
   at Rubeus.Program.MainExecute(String commandName, Dictionary`2 parsedArgs)

In this particular case it was a group with the member property empty, although I imagine it could happen to other properties as well.
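The failure mode reported above, as an added example that is not Rubeus code: it assumes the crash comes from reading the first value of an attribute that the directory returned with no values. `LdapEntryExample`, `FirstValueUnchecked` and `Flatten` are hypothetical names, and the sample entry is constructed.

```csharp
using System;
using System.Collections.Generic;

static class LdapEntryExample
{
    // Hypothetical unguarded read: assumes every attribute has at least one value.
    static object FirstValueUnchecked(object[] values)
    {
        return values[0]; // throws IndexOutOfRangeException when values is empty
    }

    // Hypothetical guarded flattening: attributes with no values are skipped,
    // single-valued attributes are unwrapped, multi-valued ones stay arrays.
    static Dictionary<string, object> Flatten(Dictionary<string, object[]> entry)
    {
        var result = new Dictionary<string, object>(StringComparer.OrdinalIgnoreCase);
        foreach (var attr in entry)
        {
            object[] values = attr.Value;
            if (values == null || values.Length == 0)
                continue; // empty attribute: nothing to store
            result[attr.Key] = values.Length == 1 ? values[0] : (object)values;
        }
        return result;
    }

    static void Main()
    {
        // Constructed sample: a group whose member attribute came back empty.
        var group = new Dictionary<string, object[]>
        {
            { "samaccountname", new object[] { "Example Group" } },
            { "objectclass", new object[] { "top", "group" } },
            { "member", new object[0] }
        };

        try
        {
            FirstValueUnchecked(group["member"]);
        }
        catch (IndexOutOfRangeException e)
        {
            Console.WriteLine("unchecked read failed: " + e.Message);
        }

        Dictionary<string, object> flat = Flatten(group);
        Console.WriteLine("attributes kept: " + string.Join(", ", flat.Keys));
    }
}
```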
