BloodHound

Installation

  1. unzip or clone (https://github.com/BloodHoundAD/BloodHound.git)

  2. ./bloodhound

or

sudo apt install bloodhound

Run neo4j 

sudo neo4j console

(neo4j:neo4j) default creds:

Then change the password fist in the neo4j

If you forgot the password, reset it with this command:

# reset password neo4j
locate neo4j |grep auth

rm /usr/share/neo4j/data/dbms/auth

latest version:

  1. Open the neo4j.conf file and set dbms.security.auth_enabled parameter to false to disable the authentication:

dbms.security.auth_enabled=false

  1. Login to the browser, then reset password via console in the browser

ALTER USER neo4j SET PASSWORD 'mynewpassword'

Upload sharphound.exe

Import data Drop zip file into bloodhound

Analysis

  1. Find all Domain Admins

  2. List all Kerberoastable Accounts

  3. Find Principals with DCSync Rights

Attack path (while own a user)

  1. Shortest Paths to Domain Admins from Owned Principals

  2. Find Shortest Paths to Domain Admins

  3. Node Info -> Group

Get Users from bloodhound json file

cat ...._users.json | jq '.data[].Properties | select( .enabled == true) |.name' -r > users.txt

Get Data

SharpHound.exe

.\SharpHound.exe -c all

SharpHound.ps1

powershell -ep bypass . .\SharpHound.ps1 Invoke-BloodHound -CollectionMethod All -Domain -ZipFileName file.zip

bloodhound.py

python3.8 bloodhound.py -ns <ip> -d <domain> -dc <domain controller> -u <username> -p <password> -c All

PreviousPowerViewNextFlooding Attack

Last updated