BloodHound & SharpHound
Last updated
Last updated
is a graphic interface tool that allows you to map the AD environment visually. An attacker can use BloodHound to quickly identify highly complex attack paths that would otherwise be impossible.
However, prior to any data visualisation, it is required to use , the official data collector for BloodHound, to detect what domain your current user belongs to, find a domain controller for that domain and gather data like:
Security group memberships
Domain trusts
Abusable rights on Active Directory objects
Group Policy links
OU tree structure
Several properties from computer, group and user objects
SQL admin links
In order to install BloodHound on your Kali machine execute the following steps.
1. Install bloodhound & neo4j
2. Configure neo4j database: Execute sudo neo4j console
, access to with neo4j default credentials "neo4j:neo4j" and change the default password.
3. Execute sudo bloodhound
and log in with the new set of credentials.
There are two ways to obtain the required data to populate BloodHound.
Finally, drag and drop the generated files into the BloodHound interface for ingestion, playing with the default queries.
Find workstations a user can RDP into.
Find servers a user can RDP into.
Find what groups can RDP
Find all the privileges (edges) of the domain users against the domain computers (e.g. CanRDP, AdminTo etc. HasSession edge is not included):
and execute SharpHound. Then, transfer the *_loop.zip
files into your machine.