BloodHound SharpHound for Active Directory
Last modified: 2023-10-22
BloodHound is a web application that reveals the hidden and unintended relationships within an Active Directory environment. SharpHound is a C# data collector for BloodHound.
On the target machine, download SharpHound and run it.
# Enumerate the AD information that can be visualized in BloodHound
Sharphound.exe --CollectionMethods All --Domain dc.example.com --ExcludeDCs
SharpHound then generates a zip file, which can be loaded into BloodHound.
To transfer the zip file to the local machine, run the following command on the local machine.
scp <ad_username>@example.com:C:/Path/To/<sharphound_result>.zip .
On the local machine, start the neo4j console.
sudo neo4j console
After that, in another terminal, start BloodHound.
This shows the authentication GUI. The default credential is:
However, we may need to change the neo4j password via http://localhost:7474/.
In BloodHound, drag and drop the zip file that we transferred in the previous section.
The JSON files will be imported.
After importing, we can view several attack paths. Click the three-stripe icon at the top left of the window.
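From the defender's side, the collection step above leaves traces in process-creation and file-creation telemetry. The following is an added example (not part of the original page or of the BloodHound/SharpHound projects) that scores constructed Sysmon-style events per host; the field names follow Sysmon Event ID 1 and 11, while the weights, threshold, host names and the `<timestamp>_BloodHound.zip` output-name pattern are assumptions.

```python
import re
from collections import defaultdict

# Flags from the command line on this page, matched case-insensitively so the
# check does not depend on the executable keeping its original file name.
FLAG_RE = re.compile(r"(?<!\S)--?(collectionmethods?|excludedcs)\b", re.I)
# Assumption: the collector's default output is <14-digit timestamp>_BloodHound.zip.
ZIP_RE = re.compile(r"\d{14}_BloodHound\.zip$", re.I)

# Constructed sample events (hypothetical hosts and paths), not real telemetry.
SAMPLE_EVENTS = [
    {"Computer": "WS01", "Image": r"C:\Temp\svc.exe",
     "CommandLine": "svc.exe --CollectionMethods All --Domain dc.example.com --ExcludeDCs"},
    {"Computer": "WS01", "Image": r"C:\Temp\svc.exe",
     "TargetFilename": r"C:\Temp\20231022101500_BloodHound.zip"},
    {"Computer": "WS02", "Image": r"C:\Windows\System32\nltest.exe",
     "CommandLine": "nltest /domain_trusts"},
    {"Computer": "WS03", "Image": r"C:\Program Files\App\browser.exe",
     "TargetFilename": r"C:\Users\a\Downloads\20231022101500_BloodHound.zip"},
]

def score_event(event):
    """Return a list of (reason, weight) indicators found in one event."""
    reasons = []
    image = event.get("Image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
    flags = {m.group(1).lower() for m in FLAG_RE.finditer(event.get("CommandLine", ""))}
    if image == "sharphound.exe":
        reasons.append(("image name", 2))
    if any(f.startswith("collectionmethod") for f in flags):
        reasons.append(("collection flag", 2))
    if "excludedcs" in flags:
        reasons.append(("excludedcs flag", 1))
    if ZIP_RE.search(event.get("TargetFilename", "")):
        reasons.append(("output zip name", 2))
    return reasons

def detect(events, threshold=3):
    """Sum indicator weights per host; return hosts at or above the threshold."""
    per_host = defaultdict(list)
    for ev in events:
        per_host[ev["Computer"]].extend(score_event(ev))
    totals = {h: sum(w for _, w in r) for h, r in per_host.items()}
    return {h: (totals[h], sorted({n for n, _ in per_host[h]}))
            for h in per_host if totals[h] >= threshold}

if __name__ == "__main__":
    for host, (score, why) in detect(SAMPLE_EVENTS).items():
        print(host, score, ", ".join(why))
```

A zip file name on its own stays below the default threshold, so a host that merely stores a result archive is not flagged unless collector flags or the image name are also seen there.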