added bloodhound information
parent
9be912401b
commit
d797981a6d
|
@ -1,3 +1,34 @@
|
|||
# Bloodhound
|
||||
|
||||
* DNS
|
||||
Bloodhound contain two parts of interest. One is Bloodhound itself including
|
||||
the Neo4j database. The other are data collectors named `SharpHound.exe`,
|
||||
`SharpHound.ps1`, `AzureHound.ps1` and `Bloodhound.py`.
|
||||
|
||||
## Data Collection
|
||||
|
||||
Sharphound is a portable executable which can be executed in the following way.
|
||||
The runas command uses the user from the commandline parameter to respond to
|
||||
network requests. So, runas is called as a cover up measurement.
|
||||
|
||||
```
|
||||
runas /netonly /user:OnTheINTERNET\NobodyKnowsYoureADOG cmd.exe
|
||||
SharpHound.exe --CollectionMethods All --Domain $TARGET_DOMAIN --ExcludeDCs
|
||||
```
|
||||
|
||||
If there is no issue getting detected `--ExcludeDCs` can be ommited, so
|
||||
information is gathered for DCs as well.
|
||||
|
||||
Alternativly, Bloodhound can be directly from the attacker or any other
|
||||
machine. It connects to the the target network to collect information.
|
||||
|
||||
```sh
|
||||
bloodhound-python -u $USER -p $PASSWORD -d $TARGET_DOMAIN -ns $DNS_NAMESERVER -c All --zip
|
||||
```
|
||||
|
||||
## Data Exploration
|
||||
|
||||
Once the data has been collected and has been uploaded to the BloodHound
|
||||
database, insights can be gained through the `Explore` option. Further, there
|
||||
is `Pathfinding` and `Cypher`. The former shows connection between users and
|
||||
objects, the latter contains predefined queries, e.g. `All Domain Admins` ,
|
||||
`Map OU Structure` or `Map domain trusts` and multiple others.
|
||||
|
|
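Review bot: The runas explanation under "Data Collection" is inaccurate and should be reworded. With `/netonly`, the spawned `cmd.exe` uses the supplied `/user:` credentials only for remote access, so "respond to network requests" and "cover up measurement" do not describe what the switch does. The code block also does not say that `SharpHound.exe` has to be started from the `cmd.exe` window that runas opens, and `$TARGET_DOMAIN` is shell-style syntax that `cmd.exe` will not expand, so a placeholder such as `<target-domain>` would be clearer there. That first fence has no language tag while the second one uses `sh`. Wording fixes in the same hunk: "Bloodhound contain" should be "BloodHound contains", "ommited" should be "omitted", "Alternativly" should be "Alternatively", "can be directly from the attacker" is missing a verb (e.g. "can be run directly from"), and "the the target network" repeats a word. The tool name is spelled three ways (Bloodhound, BloodHound, Sharphound/SharpHound); pick the upstream casing and use it throughout. The `* DNS` bullet directly under the title has no surrounding text, so either give it a sentence of context or drop it.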