Enumeration with Bloodhound (GUI)
Last updated
Last updated
Bloodhound is a graphical interface that allows you to visually map out the network. This tool along with SharpHound which similar to PowerView takes the user, groups, trusts etc. of the network and collects them into .json files to be used inside of Bloodhound.
apt-get install bloodhound
neo4j console
- default credentials -> neo4j:neo4j
powershell -ep
bypass same as with PowerView
. .\SharpHound.ps1
Invoke-Bloodhound -CollectionMethod All -Domain CONTROLLER.local -ZipFileName loot.zip
Transfer the loot.zip folder to your Attacker Machine
note: you can use scp to transfer the file if you’re using ssh
bloodhound
Run this on your attacker machine not the victim machine
Sign In using the same credentials you set with Neo4j
Note: On some versions of BloodHound the import button does not work to get around this simply drag and drop the loot.zip folder into Bloodhound to import the .json files
To view the graphed network open the menu and select queries this will give you a list of pre-compiled queries to choose from.
The queries can be as simple as find all domain admins -
Or as complicated as shortest path to high value targets -
There are plenty of queries to choose from and enumerate connections inside of the network
Inside of Bloodhound search for this icon and import the loot.zip folder