BloodHound

Linux/Unix

Ingestor/collector BloodHound.py

bloodhound-python -ns <DC-IP> -d <domain> -u '<user>' -p '<password>' -c all --zip

-ns points name resolution at the DC (the collector has to resolve the domain and its SRV records); --zip bundles the JSON files into one archive that can be dragged straight into the GUI.

BloodHound

sudo neo4j start
bloodhound

neo4j has to be running first (bolt://localhost:7687). On a fresh install the default neo4j/neo4j credentials must be changed at http://localhost:7474 before the BloodHound GUI can log in.

Windows

Ingestor/collector SharpHound

Executable (.exe)

.\SharpHound.exe -c All --zipfilename sharphound

PowerShell

Import-Module .\SharpHound.ps1
Invoke-BloodHound -CollectionMethod All

Analysis queries (prebuilt queries shipped in the BloodHound GUI)

  • Find Computers where Domain Users are Local Admin

  • Find Workstations where Domain Users can RDP

  • Find Servers where Domain Users can RDP

  • List all Kerberoastable Accounts

  • Find Computers with Unsupported Operating Systems
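
The prebuilt queries above run in the GUI against the neo4j graph. As an added example (not BloodHound's own code) the following Python script re-implements three of them directly over the collector's JSON output, so a collection can be triaged before it is imported. It assumes the SharpHound v4-style record layout ("Properties", and "LocalAdmins" with "Collected"/"FailureReason"/"Results"); the sample records are constructed.

```python
"""Offline triage of SharpHound / BloodHound.py output (example code, not BloodHound's).
Assumption: SharpHound v4-style JSON layout; SAMPLE_* records below are constructed."""
import json
import re
import zipfile
from pathlib import Path

# Constructed stand-ins for <timestamp>_users.json and <timestamp>_computers.json.
SAMPLE_USERS = {"meta": {"type": "users", "count": 3, "version": 5}, "data": [
    {"ObjectIdentifier": "S-1-5-21-1-2-3-1105", "Properties": {
        "name": "SVC_SQL@ACME.LOCAL", "enabled": True, "hasspn": True,
        "serviceprincipalnames": ["MSSQLSvc/sql01.acme.local:1433"]}},
    {"ObjectIdentifier": "S-1-5-21-1-2-3-502", "Properties": {
        "name": "KRBTGT@ACME.LOCAL", "enabled": False, "hasspn": True}},
    {"ObjectIdentifier": "S-1-5-21-1-2-3-1106", "Properties": {
        "name": "OLD_SVC@ACME.LOCAL", "enabled": False, "hasspn": True}},
]}
SAMPLE_COMPUTERS = {"meta": {"type": "computers", "count": 3, "version": 5}, "data": [
    {"ObjectIdentifier": "S-1-5-21-1-2-3-1200",
     "Properties": {"name": "WS07.ACME.LOCAL", "operatingsystem": "Windows 7 Professional"},
     "LocalAdmins": {"Collected": True, "FailureReason": None, "Results": [
         {"ObjectIdentifier": "S-1-5-21-1-2-3-513", "ObjectType": "Group"}]}},
    {"ObjectIdentifier": "S-1-5-21-1-2-3-1201",
     "Properties": {"name": "DC01.ACME.LOCAL", "operatingsystem": "Windows Server 2019 Datacenter"},
     "LocalAdmins": {"Collected": True, "FailureReason": None, "Results": [
         {"ObjectIdentifier": "S-1-5-21-1-2-3-512", "ObjectType": "Group"}]}},
    {"ObjectIdentifier": "S-1-5-21-1-2-3-1202",
     "Properties": {"name": "FS01.ACME.LOCAL", "operatingsystem": "Windows Server 2008 R2 Standard"},
     "LocalAdmins": {"Collected": False, "FailureReason": "Timeout", "Results": []}},
]}


def load_collection(path):
    """Read every *.json in a SharpHound zip or a bloodhound-python output
    directory and group records by meta.type ("users", "computers", ...)."""
    p = Path(path)
    if p.suffix.lower() == ".zip":
        with zipfile.ZipFile(p) as z:
            blobs = [z.read(n) for n in z.namelist() if n.lower().endswith(".json")]
    else:
        blobs = [f.read_bytes() for f in p.glob("*.json")]
    out = {}
    for blob in blobs:
        doc = json.loads(blob.decode("utf-8-sig"))  # tolerate a UTF-8 BOM
        out.setdefault(doc["meta"]["type"], []).extend(doc["data"])
    return out


def kerberoastable_users(users):
    """Prebuilt 'List all Kerberoastable Accounts' is MATCH (u:User) WHERE u.hasspn=true.
    Tightened here: disabled accounts cannot be roasted and krbtgt's long random
    password is not worth cracking."""
    found = []
    for u in users:
        p = u.get("Properties", {})
        name = p.get("name", "")
        if p.get("hasspn") and p.get("enabled") and not name.upper().startswith("KRBTGT@"):
            found.append(name)
    return sorted(found)


# Prebuilt 'Find Computers with Unsupported Operating Systems' matches
#   c.operatingsystem =~ '(?i).*(2000|2003|2008|xp|vista|7|me).*'
# Word boundaries avoid substring hits; 8/8.1/2012 added since they are now out of support.
UNSUPPORTED_OS = re.compile(r"\b(2000|2003|2008|2012|XP|Vista|7|8(\.1)?|ME)\b", re.IGNORECASE)


def unsupported_os_computers(computers):
    found = []
    for c in computers:
        p = c.get("Properties", {})
        if UNSUPPORTED_OS.search(p.get("operatingsystem") or ""):
            found.append(p.get("name", c.get("ObjectIdentifier", "")))
    return sorted(found)


def domain_users_local_admin(computers):
    """Prebuilt 'Find Computers where Domain Users are Local Admin':
      MATCH p=(g:Group)-[:AdminTo]->(c:Computer) WHERE g.objectid ENDS WITH '-513' RETURN p
    Direct membership only (nested groups are resolved by the graph, not here).
    Returns (hits, hosts where collection failed): no data is not the same as no admins."""
    hits, not_collected = [], []
    for c in computers:
        name = c.get("Properties", {}).get("name", c.get("ObjectIdentifier", ""))
        la = c.get("LocalAdmins") or {}
        if not la.get("Collected"):
            not_collected.append(name)
            continue
        if any(r.get("ObjectIdentifier", "").endswith("-513") for r in la.get("Results", [])):
            hits.append(name)
    return sorted(hits), sorted(not_collected)


if __name__ == "__main__":
    import sys
    data = load_collection(sys.argv[1]) if len(sys.argv) > 1 else {
        "users": SAMPLE_USERS["data"], "computers": SAMPLE_COMPUTERS["data"]}
    admins, failed = domain_users_local_admin(data.get("computers", []))
    print(json.dumps({"kerberoastable": kerberoastable_users(data.get("users", [])),
                      "unsupported_os": unsupported_os_computers(data.get("computers", [])),
                      "domain_users_local_admin": admins,
                      "localadmin_not_collected": failed}, indent=2))
```

Run it with the path to the SharpHound zip or the bloodhound-python output directory (`python3 triage.py 20240101_BloodHound.zip`); with no argument it runs over the constructed samples. Hosts whose LocalAdmins collection failed are listed separately because an empty Results list after a timeout says nothing about who is admin there; the graph import is still needed for anything that depends on nested group membership.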

CanPSRemote (PowerShell Remoting)

MATCH p=(u:User)-[:MemberOf*0..]->(n)-[:CanPSRemote]->(c:Computer) RETURN p

SQLAdmin (MSSQL sysadmin)

MATCH p=(u:User)-[:MemberOf*0..]->(n)-[:SQLAdmin]->(c:Computer) RETURN p

Both queries return the edge whether the user holds it directly (zero MemberOf hops) or through nested group membership. CanPSRemote and SQLAdmin are not transitive, so a variable-length pattern on them ([:CanPSRemote*1..]) adds nothing, and a separate shortestPath() MATCH whose path is never returned only filters out users with no group membership.
