Merge pull request #20445 from zeroSteiner/feat/lib/ldap-adds/2

Don't look up the local system SID

Author: jheysel-r7

lib/msf/core/exploit/remote/ldap/active_directory.rb

@@ -302,6 +302,9 @@ def adds_sd_grants_permissions?(ldap, security_descriptor, matcher, test_sid: ni
             matcher.apply_ace!(ace) if security_descriptor.group_sid == test_sid
           when test_sid
             matcher.apply_ace!(ace)
+          when Rex::Proto::Secauthz::WellKnownSids::SECURITY_LOCAL_SYSTEM_SID
+            # the SECURITY_LOCAL_SYSTEM_SID won't be found if looked up in the next block and if it's not the SID we're checking for, it doesn't apply anyways so just skip it
+            next
           else
             ldap_object = adds_get_object_by_sid(ldap, ace.body.sid)
             next unless ldap_object && ldap_object[:objectClass].include?('group')