Analysis of Windows Active Directory environment using BloodHound

This article examines the analysis of a Windows Active Directory environment using BloodHound.

BloodHound is a tool that uses graph theory to reveal unintended relationships in an Active Directory environment. This lets you discover paths from one user or group to another, such as a path by which a low-privileged user can elevate privileges to Domain Admins.

This section walks through installing BloodHound version 3.0.2 on Kali Linux 2020.1. BloodHound can be installed using the apt package management command. The command syntax is `apt-get install bloodhound`. Beforehand, run `apt-get update` and `apt-get dist-upgrade` to bring the system up to date.

This section uses the following settings.

Database URL: bolt://localhost:7687

DB Username: neo4j

DB Password: blood

From a terminal, run the `bloodhound` command to launch it (it must stay open in the background).

Use the following command syntax to clone the repository.

Use the `pip` command to install `neo4j-driver`.

The `DBCreator.py` script is written in Python 2. Therefore, run it explicitly with `python2`.

At the `DBCreator.py` prompt, run the `dbconfig` command, following the script's user interface, and enter your neo4j credentials.

At the `DBCreator.py` prompt, run the `generate` command, following the script's user interface, to generate test data.

After you create the test data and log on to BloodHound, it draws a group named “Domain Admins” and shows the valid users belonging to that group.

In the [Database Info] tab in the left corner, you can see the statistics of the registered data. The information that can be confirmed on the tab is as follows.

[Database Info]

In the [Queries] tab in the left corner, you can see a set of prepared analytic queries.

Screen shown when the [Queries] > [Pre-Built Analytics Queries] > [Shortest Paths to High Value Targets] query is selected.

So far, BloodHound and neo4j have been installed and configured. From here, we will use BloodHound to analyze the data of the target network.

Use “Ingestors” on the target system or domain. Ingestors query the domain controller and Active Directory to retrieve all trust relationships, group policy settings, and Active Directory objects.

Use `SharpHound.exe` to collect data from Active Directory. First, launch `powershell`. Then, run `SharpHound.exe` :)
