BloodHound SharpHound for Active Directory
Last modified: 2023-02-07
BloodHound is a web application to reveal the hidden and intended relationships within an Active Directory. SharpHound is a C# data collector for BloodHound.
Enumerate Active Directory
1. Collect Information with Sharphound
In target machine, download SharpHound and run.
# Enumerate the AD information that can be visualized in Bloodhound Sharphound.exe --CollectionMethods All --Domain dc.example.com --ExcludeDCs
Then the zip file will be generated. This file can be displayed in Bloodhound.
To transfer the zip file to local machine, run the following command in local machine.
scp <ad_username>@example.com:C:/Path/To/<sharphound_result>.zip .
2. Start Bloodhound
In local machine, start neo4j console.
sudo neo4j console
After that, in another terminal, start Bloodhound.
This shows the authentication GUI. The default credential is:
However, we may need to change the neo4j password via http://localhost:7474/.
3. Visualize a ZIP File
In Bloodhound, drag and drop the zip file which we transferd in the previous section.
Json files will be imported.
4. Attack Paths
After importing, we can view the several attack paths. Click the three stripe icon on the top-left of the window.