# jumpcloud
## Usage
```shell=
Install AD Import and enter the required details (basic, not covered here)
Open ADUC (Server Manager -> Tools -> Active Directory Users and Computers)
Under Users, create a new group named JumpCloud (case-sensitive)
Add the users to be synced to the JumpCloud group (the free tier only syncs 10 users)
Right-click Users -> Delegate Control... -> add the users to be synced and the JumpCloud group -> wait for the 90 s sync cycle
```
## AD import
```shell=
# Breakpoint approach; the source file names can be found with: strings adint.exe
b C:/gopath/src/github.com/TheJumpCloud/ADIntegrationAgent/Agent/main.go:40
b *0x6c4824
# Reversing adint.exe from main__main shows that it only starts/stops the adint service
# What we actually want to reverse is the service itself
main.(_myservice).Execute
main__myservice__Execute
# Key functions
main_mirrorADToJumpCloud
main_getJCGroupsAndUsersFromAD
main_ADDial # LDAP connection
main_getADGroupsAndUsers
main_queryADGroup # filter (objectClass=*); to test from PowerShell, get-aduser -LDAPfilter "(objectClass=*)" returns both groups and users, but no password field
main_ADGroup_toString # with debug enabled, this output can be read from TEMP (see below)
main_ADUser_toString
```
## debug
```shell=
# Install x64dbg
attach adint.exe
b *6a5c90 # main.getADGroupsAndUsers
# Called once every 90 s; to avoid waiting, edit adint.config, restart the JumpCloud service, then re-attach
# Edit C:\Program Files\JumpCloud AD Bridge\adint.config
"Debug": {
"Debugs": {
"adquery.go": 100,
"debug.go": 100,
"jcmap.go": 100
}
}
# Check C:\Windows\Temp\JumpCloud_AD_Integration
```
```shell=
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.getADGroupsAndUsers:249): query='CN=JumpCloud;CN=Users;DC=myad;DC=local', len(*userMap)=0
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.getADGroupsAndUsers:279): Got group from AD: groupName='JumpCloud' - members='CN=test1,CN=Users,DC=myad,DC=local' - users=[]
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.getADGroupsAndUsers:249): query='CN=test1,CN=Users,DC=myad,DC=local', len(*userMap)=0
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.getADGroupsAndUsers:264): Got user from AD: userName='test1' - email='kruztw@gmail.com' - given='' - sur='test1' - groups=[] - disabled='false' - isAdmin='false' - expired='true' - passwordExpirationDate=''
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.populateGroup:447): populateGroup: groupKey = CN=JumpCloud;CN=Users;DC=myad;DC=local, visited = false
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.populateGroup:462): Adding user 'test1' to group 'CN=JumpCloud;CN=Users;DC=myad;DC=local'
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.userMapToArray:489): Adding user: userName='test1' - email='kruztw@gmail.com' - given='' - sur='test1' - groups=[JumpCloud] - disabled='false' - isAdmin='false' - expired='true' - passwordExpirationDate=''
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.groupMapToArray:537): Adding group: groupName='JumpCloud' - members='CN=test1,CN=Users,DC=myad,DC=local' - users=[test1]
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.buildADStateSignature:614): Adding key string for user: test1|kruztw@gmail.com||test1|false|false|true|
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.buildADStateSignature:632): Adding key string for group: JumpCloud|test1
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.buildADStateSignature:638): signature=0211cd1b63519716e3cc3ea63148c18e
ADINT:2022/05/13 00:04:13 adint.go:215: AD change detected, orig='06559caefc3515e4f2bd8262bcece984', new='0211cd1b63519716e3cc3ea63148c18e', hasNewPasswordToSync=true
ADINT:2022/05/13 00:04:16 adint.go:241: This org has Groups support
# main_applyUserChangesToJumpCloud (0x77e2d0)
ADINT:2022/05/13 00:04:19 debug.go:61: jcmap.go (main.applyUserChangesToJumpCloud:575): USER [test1] ACTION = Expired in both AD and JumpCloud
# main_applyUserChangesToJumpCloud (0x6bf848)
ADINT:2022/05/13 00:04:19 debug.go:61: jcmap.go (main.applyUserChangesToJumpCloud:643): user password changed
# main_applyUserChangesToJumpCloud
ADINT:2022/05/13 00:04:19 debug.go:61: jcmap.go (main.applyUserChangesToJumpCloud:656): UPDATE USER: User change occurred on
# The blob of fields below is produced in main_ADUser_toString (0x78DFE7)
'userName='test1' - email='kruztw@gmail.com' - given='' - sur='test1' - groups=[JumpCloud] - isAdmin='false' - expired='false' - suspended='false- passwordExpirationDate='2022-06-23T15:59:11.000Z'', adUser=userName='test1' - email='kruztw@gmail.com' - given='' - sur='test1' - groups=[JumpCloud] - disabled='false' - isAdmin='false' - expired='true' - passwordExpirationDate=''
# main_checkAndSetPasswordChange
ADINT:2022/05/13 00:04:19 debug.go:61: jcmap.go (main.checkAndSetPasswordChange:549): PASSWORD CHANGE for user 'test1'
ADINT:2022/05/13 00:04:21 jcmap.go:678: Could not expire a user 'userName='test1' - email='kruztw@gmail.com' - given='' - sur='test1' - groups=[JumpCloud] - isAdmin='false' - expired='false' - suspended='false- passwordExpirationDate=''' err='ERROR: Could not POST /systemusers/627d25b38dd81735c368e170/expire, err ='ERROR: Could not Unmarshal JSON response, err='invalid character 'O' looking for beginning of value'''
ADINT:2022/05/13 00:04:21 debug.go:61: jcmap.go (main.applyChangesToJumpCloudV2:993): GROUP [JumpCloud] ACTION = In Both AD and JumpCloud
ADINT:2022/05/13 00:04:21 debug.go:61: jcmap.go (main.applyJCGroupChanges:946): UPDATE GROUP (JumpCloud): SKIPPED, NO CHANGES
ADINT:2022/05/13 00:04:21 debug.go:61: jcmap.go (main.applyChangesToJumpCloudV2:993): GROUP [All Users] ACTION = In JumpCloud Only
ADINT:2022/05/13 00:04:21 debug.go:61: jcmap.go (main.applyChangesToJumpCloudV2:1099): GROUP NOP: No changes necessary for group 'All Users'
```
## Q & A
### A user is not synced
```shell=
Because the user's email field is empty
```
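An added example, not part of these notes or of the JumpCloud agent: a small parser for the adint debug-log format shown in the Debug section that extracts the `Got user from AD` fields and the `AD change detected` signature lines, and reports the users whose AD email came back empty (the Q&A case above). The sample log lines are constructed, and the function names are my own.

```python
import re

# Constructed sample lines in the adint debug-log format (not real agent output).
SAMPLE_LOG = """\
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.getADGroupsAndUsers:264): Got user from AD: userName='alice' - email='alice@example.com' - given='' - sur='alice' - groups=[] - disabled='false' - isAdmin='false' - expired='true' - passwordExpirationDate=''
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.getADGroupsAndUsers:264): Got user from AD: userName='bob' - email='' - given='Bob' - sur='b' - groups=[] - disabled='false' - isAdmin='false' - expired='false' - passwordExpirationDate=''
ADINT:2022/05/13 00:04:13 debug.go:61: adquery.go (main.buildADStateSignature:638): signature=0211cd1b63519716e3cc3ea63148c18e
ADINT:2022/05/13 00:04:13 adint.go:215: AD change detected, orig='06559caefc3515e4f2bd8262bcece984', new='0211cd1b63519716e3cc3ea63148c18e', hasNewPasswordToSync=true
"""

USER_LINE = re.compile(r"\(main\.getADGroupsAndUsers:\d+\): Got user from AD: (.*)$")
FIELD = re.compile(r"(\w+)='([^']*)'")  # key='value' pairs; groups=[...] is unquoted and skipped
CHANGE_LINE = re.compile(
    r"AD change detected, orig='([0-9a-f]{32})', new='([0-9a-f]{32})', hasNewPasswordToSync=(true|false)"
)


def parse_user_line(line):
    """Return the key='value' fields of a 'Got user from AD' line as a dict, or None."""
    m = USER_LINE.search(line)
    if not m:
        return None
    return dict(FIELD.findall(m.group(1)))


def users_missing_email(log_text):
    """Usernames whose AD mail attribute was empty; the agent will not sync these to JumpCloud."""
    missing = []
    for line in log_text.splitlines():
        user = parse_user_line(line)
        if user is not None and user.get("email", "") == "":
            missing.append(user["userName"])
    return missing


def change_events(log_text):
    """(orig_signature, new_signature, hasNewPasswordToSync) from 'AD change detected' lines."""
    events = []
    for line in log_text.splitlines():
        m = CHANGE_LINE.search(line)
        if m:
            events.append((m.group(1), m.group(2), m.group(3) == "true"))
    return events


if __name__ == "__main__":
    print("users missing email:", users_missing_email(SAMPLE_LOG))
    print("change events:", change_events(SAMPLE_LOG))
```

Point it at the log file under C:\Windows\Temp\JumpCloud_AD_Integration instead of SAMPLE_LOG to find which members of the JumpCloud group will be skipped before the next 90 s cycle.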