2 - Sharphound + BloodHound

• Collect domain data using SharpHound

• Analyze the data using BloodHound

Collect the Data

Download Sharpound.ps1 here => https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1

Import it

Import-Module .\Sharphound.ps1

Before we can collect data we must invoke bloodhound (yeah makes no sense)

This wil

Invoke-BloodHound -CollectionMethod All -OutputDirectory C:\Users\<USER>\Desktop\ -OutputPrefix "something stealth"

This will generate the zip file we need for Bloodhound. We can delete the .bin

Analyze the Data

Load the graph database:

sudo neo4j start

If first time go to http://localhost:7474 neo4j:neo4j and change password to admin

Run bloodhound and login:

bloodhound

Right side 4th button is to upload the zip.

Then look at the Analysis tab on the top leftn especially:

• Shortest Paths to Domain Admins

Right click > Mark User as Owned is a cool feature xD