BloodHound

Installation

Simple Way Setup Bloodhound

Install docker

sudo apt update
sudo apt install docker.io

Install docker-compose

sudo curl -SL https://github.com/docker/compose/releases/download/v2.29.6/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

# check with
sudo docker-compose

Run

curl -L https://ghst.ly/getbhce | sudo docker-compose -f - up

Locate the randomly generated password in the terminal output of Docker Compose.

In a browser, navigate to http://localhost:8080/ui/login. Login with a username of admin and the randomly generated password from the logs.

After this you will need to change the randomly generated password and you will have the new interface ready, from which you can directly download the ingestors.

Persistent Installation (Need effort to setup)

  1. unzip or clone (https://github.com/BloodHoundAD/BloodHound.git)

  2. ./bloodhound

or

Run neo4j

(neo4j:neo4j) default creds:

Then change the password fist in the neo4j

If you forgot the password, reset it with this command:

latest version:

  1. Open the neo4j.conf file and set dbms.security.auth_enabled parameter to false to disable the authentication:

  1. Login to the browser, then reset password via console in the browser

Upload sharphound.exe

Analysis

Import data Drop zip file into bloodhound

Analysis

  1. Find all Domain Admins

  2. List all Kerberoastable Accounts

  3. Find Principals with DCSync Rights

Attack path (while own a user)

  1. Shortest Paths to Domain Admins from Owned Principals

  2. Find Shortest Paths to Domain Admins

  3. Node Info -> Group

Get Users from bloodhound json file

Get Data

SharpHound.exe

SharpHound.ps1

bloodhound.py

PreviousPowerViewNextFlooding Attack

Last updated