
BloodHound AD – Active Directory Attack Path Mapping

Hey hackers, welcome to pentestguy. I am back with another interesting post on a super useful tool for network penetration testing, BloodHound AD. BloodHound is a single-page JavaScript web application backed by a neo4j database, and it is used for domain enumeration.

BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment. Attackers can use BloodHound AD to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment. There is also a commercial edition, BloodHound Enterprise.

Setup neo4j

As mentioned before, neo4j is the database that stores the data fed to BloodHound, so it is necessary to install neo4j first. Installation on Kali is simple: run the command given below. For the Windows platform, download the installer from https://neo4j.com/download/ and install it via the provided .bat file.

apt install neo4j

Run neo4j using the command given below:

sudo neo4j console

Open http://localhost:7474/browser/ in the browser. Remember that the default neo4j credentials are neo4j:neo4j; after logging in, it will ask you to set a new password.


Setup BloodHound

Download BloodHound for the Linux platform from https://github.com/BloodHoundAD/BloodHound/releases, extract it and launch it from the terminal; a new UI window will open.

./BloodHound --no-sandbox

Make sure to log in with the neo4j credentials set in the previous step.


All set; all we need now is data. For that, use a data collector: SharpHound is the C# collector for Active Directory, and AzureHound is the other official tool, used to collect Azure data for BloodHound.

If you are using Kali Linux, the other and easier way to install BloodHound is via the apt package manager.

apt install bloodhound

The example given below is from the TryHackMe room Post-Exploitation Basics, https://tryhackme.com/room/postexploit. Run SharpHound on the box, collect the resulting zip file, and then import that zip file into BloodHound.

But unfortunately, the data generated from that box could not be imported into BloodHound, maybe because of some version issue. I tried the same thing on my own server, which was set up in VirtualBox.

Go to the directory where SharpHound is located and open the terminal.

# start PowerShell with the script execution policy bypassed for this session
powershell -ep bypass
# dot-source the collector so Invoke-BloodHound is loaded into the current session
. .\SharpHound.ps1
# collect everything for the domain and write it to a single zip file
Invoke-BloodHound -CollectionMethod All -Domain PENTESTGUY.local -ZipFileName all.zip

Transfer the zip file using SCP (or any other way you prefer), import it into BloodHound and analyze it.
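Before importing a collection, it helps to triage the zip the way the import failure above would call for. The following script is an added example, not part of the original post or of the BloodHound project; it assumes the SharpHound output layout in which each JSON file carries a data array plus a meta block with type, count and version fields, and it uses a constructed sample zip rather than real collection data.

```python
import io
import json
import zipfile

# Assumed SharpHound JSON layout (assumption, not from the post):
# {"data": [...], "meta": {"type": "...", "count": N, "version": V}}


def summarize_collection(zip_bytes):
    """Return per-file metadata for every JSON file inside a SharpHound zip."""
    summary = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".json"):
                continue
            # utf-8-sig tolerates the UTF-8 BOM that Windows tools often emit
            doc = json.loads(zf.read(name).decode("utf-8-sig"))
            meta = doc.get("meta", {})
            summary[name] = {
                "type": meta.get("type"),
                "declared": meta.get("count"),
                "actual": len(doc.get("data", [])),
                "version": meta.get("version"),
            }
    return summary


def find_problems(summary, expected_version):
    """Flag files whose declared count disagrees with the data, or whose
    schema version differs from the one the BloodHound build expects."""
    problems = []
    for name, info in summary.items():
        if info["declared"] != info["actual"]:
            problems.append(f"{name}: meta.count={info['declared']} but data has {info['actual']} entries")
        if info["version"] != expected_version:
            problems.append(f"{name}: schema version {info['version']} != expected {expected_version}")
    return problems


def build_sample_zip():
    """Constructed sample imitating a SharpHound run; SIDs and counts are made up."""
    users = {"data": [{"ObjectIdentifier": "S-1-5-21-1-2-3-1105"},
                      {"ObjectIdentifier": "S-1-5-21-1-2-3-1106"}],
             "meta": {"type": "users", "count": 2, "version": 5}}
    groups = {"data": [{"ObjectIdentifier": "S-1-5-21-1-2-3-512"}],
              "meta": {"type": "groups", "count": 3, "version": 4}}  # deliberately inconsistent
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("20230101_users.json", json.dumps(users))
        zf.writestr("20230101_groups.json", "\ufeff" + json.dumps(groups))
    return buf.getvalue()


if __name__ == "__main__":
    for problem in find_problems(summarize_collection(build_sample_zip()), expected_version=5):
        print(problem)
```

Run it against a real collection by passing the zip's bytes to summarize_collection and the schema version your BloodHound build expects to find_problems; a non-empty result is a good reason to re-collect with a matching SharpHound release before blaming the import.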

BONUS – Creating example data

I tried DBCreator from BloodHound, which is nothing but a sample database generator, but it gave issues. BadBlood works fine: just download it from https://github.com/davidprowe/BadBlood onto the AD server (the one set up for testing) and run the PowerShell script.

# run from a PowerShell prompt on the test domain controller
.\Invoke-BadBlood.ps1

After that, type badblood when prompted to generate the random data.

Hope you enjoyed this post; please drop your comments below if you are facing any issues. You can now also collaborate with us, so please check our collaboration page. Thank you 🙂
