Bloodhound

Install and run Bloodhound Legacy

# Install and run neo4j
sudo apt-get install neo4j
sudo neo4j console

# Download Bloodhound legacy binary, unpack and execute
wget "https://github.com/SpecterOps/BloodHound-Legacy/releases/download/v4.3.1/BloodHound-linux-x64.zip"
unzip BloodHound-linux-x64.zip
cd BloodHound-linux-x64
./BloodHound --no-sandbox --disable-gpu

Bloodhound ingestor with LDAP signing and LDAP channel binding

# Request TGT with a password
impacket-getTGT '<DOMAIN-FQDN>/<USERNAME>' -dc-ip '<DC-IP>'
# Request TGT with an NTLM Hash
impacket-getTGT '<DOMAIN-FQDN>/<USERNAME>' -dc-ip '<DC-IP>' -hashes :'<NTLM-HASH>'
export KRB5CCNAME=<CCACHE>

# Run nxc ingestor
nxc ldap '<DC-IP>' -u '<USERNAME>'-p '<PASSWORD>' --bloodhound --collection All -k -d '<DOMAIN-FQDN>'

Bloodhound Python

bloodhound-python -c All -d '<DOMAIN-FQDN>' -u '<USERNAME>' -p '<PASSWORD>' -ns '<DNS-IP>'

PreviousSCOM NextDNS

Last updated 20 days ago