add netlogon reg key

JonasBK · JonasBK · commit fafc032989a7 · 2025-09-01T14:50:56.000+02:00
diff --git a/src/CommonLib/OutputTypes/APIResults/StrRegistryAPIResult.cs b/src/CommonLib/OutputTypes/APIResults/StrRegistryAPIResult.cs
@@ -0,0 +1,7 @@
+namespace SharpHoundCommonLib.OutputTypes
+{
+    public class StrRegistryAPIResult : APIResult
+    {
+        public string Value { get; set; }
+    }
+}
diff --git a/src/CommonLib/OutputTypes/Computer.cs b/src/CommonLib/OutputTypes/Computer.cs
@@ -65,6 +65,7 @@ public class SmbInfo {
     public class DCRegistryData {
         public IntRegistryAPIResult CertificateMappingMethods { get; set; }
         public IntRegistryAPIResult StrongCertificateBindingEnforcement { get; set; }
+        public StrRegistryAPIResult VulnerableNetlogonSecurityDescriptor { get; set; }
     }
 
     public class ComputerStatus {
diff --git a/src/CommonLib/Processors/DCRegistryProcessor.cs b/src/CommonLib/Processors/DCRegistryProcessor.cs
@@ -81,5 +81,36 @@ public IntRegistryAPIResult GetStrongCertificateBindingEnforcement(string target
 
             return ret;
         }
+
+        /// <summary>
+        /// This function gets the VulnerableChannelAllowList registry value stored on DCs.
+        /// </summary>
+        /// <remarks>https://support.microsoft.com/en-us/topic/how-to-manage-the-changes-in-netlogon-secure-channel-connections-associated-with-cve-2020-1472-f7e8cc17-0309-1d6a-304e-5ba73cd1a11e</remarks>
+        /// <param name="target"></param>
+        /// <returns>StrRegistryAPIResult</returns>
+        [ExcludeFromCodeCoverage]
+        public StrRegistryAPIResult GetVulnerableNetlogonSecurityDescriptor(string target)
+        {
+            var ret = new StrRegistryAPIResult();
+            const string subKey = @"SYSTEM\CurrentControlSet\Services\Netlogon\Parameters";
+            const string subValue = "VulnerableChannelAllowList";
+            var data = Helpers.GetRegistryKeyData(target, subKey, subValue, _log);
+
+            ret.Collected = data.Collected;
+            if (!data.Collected)
+            {
+                ret.FailureReason = data.FailureReason;
+                return ret;
+            }
+
+            if (data.Value == null)
+            {
+                return ret;
+            }
+
+            ret.Value = (string)data.Value;
+
+            return ret;
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,7 @@ public class SmbInfo {`
`65`	`65`	`public class DCRegistryData {`
`66`	`66`	`public IntRegistryAPIResult CertificateMappingMethods { get; set; }`
`67`	`67`	`public IntRegistryAPIResult StrongCertificateBindingEnforcement { get; set; }`
	`68`	`+ public StrRegistryAPIResult VulnerableNetlogonSecurityDescriptor { get; set; }`
`68`	`69`	`}`
`69`	`70`
`70`	`71`	`public class ComputerStatus {`