BloodHound
Linux/Unix
Ingestor/collector BloodHound.py
bloodhound-python -ns <IP-address-DC> -d <ACME.LOCAL> -u "<user>" -p "<password>" -c all
BloodHound
sudo neo4j start
bloodhound
Windows
Ingestor/collector SharpHound
Executable (.exe)
.\SharpHound.exe -c All --zipfilename sharphound
PowerShell
Import-Module .\SharpHound.ps1
Invoke-BloodHound -CollectionMethod All
Analysis queries
Find Computers where Domain Users are Local Admin
Find Workstations where Domain Users can RDP
Find Servers where Domain Users can RDP
List all Kerberoastable Accounts
Find Computers with Unsupported Operating Systems
CanPSRemote (PowerShell Remoting)
MATCH p1=shortestPath((u1:User)-[r1:MemberOf*1..]->(g1:Group)) MATCH p2=(u1)-[:CanPSRemote*1..]->(c:Computer) RETURN p2
SQLAdmin (SQLAdmin)
MATCH p1=shortestPath((u1:User)-[r1:MemberOf*1..]->(g1:Group)) MATCH p2=(u1)-[:SQLAdmin*1..]->(c:Computer) RETURN p2