BloodHound
Linux/Unix
Ingestor/collector BloodHound.py
bloodhound-python -ns <IP-address-DC> -d <ACME.LOCAL> -u "<user>" -p "<password>" -c all
BloodHound
sudo neo4j start
bloodhound
Windows
Ingestor/collector SharpHound
Executable (.exe)
.\SharpHound.exe -c All --zipfilename sharphound
PowerShell
Import-Module .\SharpHound.ps1
Invoke-BloodHound -CollectionMethod All
Analysis queries
Find Computers where Domain Users are Local Admin
Find Workstations where Domain Users can RDP
Find Servers where Domain Users can RDP
List all Kerberoastable Accounts
Find Computers with Unsupported Operating Systems
CanPSRemote (PowerShell Remoting)
MATCH p1=shortestPath((u1:User)-[r1:MemberOf*1..]->(g1:Group)) MATCH p2=(u1)-[:CanPSRemote*1..]->(c:Computer) RETURN p2
SQLAdmin (SQLAdmin)
MATCH p1=shortestPath((u1:User)-[r1:MemberOf*1..]->(g1:Group)) MATCH p2=(u1)-[:SQLAdmin*1..]->(c:Computer) RETURN p2