Bloodhound

Run it

First, we need to start a neo4j console, on Parrot if you have trouble, please find the blog below.

sudo neo4j console

Then we can start bloodhound

bloodhound

Before, we had to run an ingester from the target (sharphound.exe), which isn’t needed anymore thanks to bloodhound-python

python3 -m bloodhound -d ORB.local -u lkisaka -p Password1 -ns 10.0.0.12 -c all

-d: the target domain
-u: a domain user
-p: its password
-ns: the nameserver of the domain (the Domain Controller)
-c: what should be collected (here ALL.)

Untitled

Now back to Bloodhound, we can load all the collected data

Untitled

<aside> 💡 In my case, this step didn’t work, I’ve some workaround with the release version of Bloodhound, but this time it’s neo4j that wasn’t up to date (got 4.2.1 need >4.4.0.) but I cannot update it on my parrot OS. That’s why we always need a backup OS to work with.

</aside>

What look at?

This tool has the particularity to offer a GUI. Then the important thing is to look at the analysis to easily find out which account would be interesting etc.

Untitled