Recon of Active Directory environment
BloodHound
BloodHound is a GUI program used to visualize relations between objects in an Active Directory domain. It can indicate potential attack paths, misconfigurations and weaknesses in the domain, and presents AD objects as interactive graphs. It is backed by a Neo4j graph database.
Start BloodHound on Linux:
# Neo4j DB must be working
sudo neo4j console
bloodhound
Click the Upload Data button and select the .zip file with the collected data.
If your project is not empty you have to clear the database:
- Go to the neo4j GUI: http://localhost:7474/browser/
- Execute the command:
MATCH (n) DETACH DELETE n
IMPORTANT: When you use collectors, pay special attention to running all data collection methods; an archive that is missing object types produces an incomplete graph.
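A quick way to confirm that point before uploading: inventory the ZIP and flag any object type that is absent or empty. The script below is an added example, not part of this cheat sheet or the BloodHound project. It assumes only that each JSON file in the archive carries a top-level "meta" object with "type" and "count" keys (the shape SharpHound and bloodhound-python write); the sample archive it builds is constructed data, and the EXPECTED_TYPES set is an assumption about what a full collection should contain.

```python
"""Inventory a BloodHound collector ZIP before uploading it.

Added example (not from the cheat sheet above). Assumption: every
collector JSON file has a top-level "meta" object with "type" and
"count" keys. The sample archive built here is constructed data.
"""
import io
import json
import zipfile

# Assumed set of object types a full collection should produce.
EXPECTED_TYPES = {"users", "computers", "groups", "domains", "gpos", "ous", "containers"}


def inventory_zip(data: bytes) -> dict:
    """Return {meta.type: summed meta.count} for every JSON file in the ZIP bytes."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".json"):
                continue
            with zf.open(name) as fh:
                doc = json.load(fh)
            meta = doc.get("meta", {})
            obj_type = meta.get("type")
            if obj_type is None:
                continue  # not a collector output file, skip it
            found[obj_type] = found.get(obj_type, 0) + int(meta.get("count", 0))
    return found


def missing_types(found: dict) -> set:
    """Expected object types that are absent or have zero objects (a collection gap)."""
    return {t for t in EXPECTED_TYPES if found.get(t, 0) == 0}


def build_sample_zip() -> bytes:
    """Constructed sample archive (not real collector output) for a dry run."""
    files = {
        "20240101_users.json": {"data": [{"ObjectIdentifier": "S-1-5-21-0-0-0-1000"}],
                                "meta": {"type": "users", "count": 1, "version": 4}},
        "20240101_computers.json": {"data": [],
                                    "meta": {"type": "computers", "count": 0, "version": 4}},
        "20240101_groups.json": {"data": [{"ObjectIdentifier": "S-1-5-21-0-0-0-512"}],
                                 "meta": {"type": "groups", "count": 1, "version": 4}},
        "20240101_domains.json": {"data": [{"ObjectIdentifier": "S-1-5-21-0-0-0"}],
                                  "meta": {"type": "domains", "count": 1, "version": 4}},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, doc in files.items():
            zf.writestr(name, json.dumps(doc))
    return buf.getvalue()


if __name__ == "__main__":
    found = inventory_zip(build_sample_zip())
    gaps = missing_types(found)
    print("object counts:", found)
    if gaps:
        print("incomplete collection, missing:", sorted(gaps))
    else:
        print("archive covers all expected object types")
```

Point `inventory_zip` at the bytes of a real loot.zip instead of `build_sample_zip()`; any type reported by `missing_types` means the collection should be re-run before the data is loaded into Neo4j.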
SharpHound
Check out all SharpHound flags in the documentation.
Look for collectors compatible with your BloodHound version in <BloodHound_path>/Collectors/*.
Run data collector on Windows machine:
# Run data collector
.\SharpHound.exe --CollectionMethods All --ZipFileName loot.zip
SharpHound alternatives
Collectors shipped with BloodHound were designed to run on Windows, but the community has written many custom collectors that run from Linux.
# Collect data and save to ZIP file
python -m bloodhound -u $user -p $pass -d $domain -dc $dc_fqdn -ns $dc_ip -c All --zip