Bloodhound

Bloodhound is a great tool, created by Rohan Vazarkar (@CptJesus) and Will Schroeder (@harmj0y). It can help you find your way around a domain and can map routes/paths to target machines or accounts in Active Directory. It’s really useful when you first find yourself on a network, and it only requires a domain-joined machine to run it from.

In the most recent Kali update, Bloodhound is apparently included as a package. Alternatively, a really useful set of instructions can be found on the GitHub wiki page here: https://github.com/BloodHoundAD/BloodHound/wiki

Bloodhound consists of two stages:

  1. The collection of data
  2. Import & analysis

 

The collection of data

To run the Bloodhound query you need the Bloodhound.ps1 script, which can be found here: https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/PowerShell/BloodHound.ps1

On the domain-joined machine:

  1. Launch PowerShell.
  2. In many cases the running of scripts is disabled. You will likely be able to get around that by running the following command:
    Powershell -exec bypass
  3. Now import the script into PowerShell:
    Import-Module ./Bloodhound.ps1
  4. Then collect data:
    Get-BloodHoundData
  5. You should see 3 or 4 CSV files created. As long as some of them actually contain some data, it has worked.
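
Seen from the monitoring side, the commands in the steps above leave recognisable strings in process-creation and PowerShell script block logs. The following is an added example, not part of the original post: a small Python scanner over constructed log lines. The tab-separated line format, the use of event IDs 4688 and 4104 as the sources, and the rule names are assumptions.

```python
import re

# Parameter prefixes: hyphen, slash, and typographic dashes that pasted commands often carry.
PREFIX = "-/\u2013\u2014\u2015"
# Strings taken from the commands on this page.
SCRIPT_RE = re.compile(r"\bImport-Module\s+\S*bloodhound\.ps1\b", re.I)
COLLECT_RE = re.compile(r"\bGet-BloodHoundData\b", re.I)


def has_policy_bypass(text):
    """True if a powershell command line sets the execution policy to bypass."""
    tokens = [t.strip('"') for t in text.split()]
    if not any(re.match(r"powershell(\.exe)?$", t.split("\\")[-1], re.I) for t in tokens):
        return False
    for flag, value in zip(tokens, tokens[1:]):
        if flag[0] not in PREFIX or value.lower() != "bypass":
            continue
        name = flag.lstrip(PREFIX).lower()
        # -ep, or any prefix of -ExecutionPolicy from -ex on (-e alone is EncodedCommand).
        if name == "ep" or (len(name) >= 2 and "executionpolicy".startswith(name)):
            return True
    return False


def scan(lines):
    """Return (line_number, rule) findings for 'event_id<TAB>text' lines."""
    findings = []
    for n, line in enumerate(lines, 1):
        event_id, _, text = line.partition("\t")
        if event_id == "4688" and has_policy_bypass(text):
            findings.append((n, "execution_policy_bypass"))
        if event_id == "4104" and SCRIPT_RE.search(text):
            findings.append((n, "bloodhound_script_import"))
        if event_id == "4104" and COLLECT_RE.search(text):
            findings.append((n, "bloodhound_collection"))
    return findings


# Constructed sample: process creation (4688) and script block (4104) records.
SAMPLE = [
    "4688\tC:\\Windows\\System32\\notepad.exe report.txt",
    "4688\tPowershell \u2013exec bypass",
    "4688\tpowershell.exe -ExecutionPolicy Restricted",
    "4104\tImport-Module ./Bloodhound.ps1",
    "4104\tGet-BloodHoundData",
    "4104\tGet-ChildItem *.csv",
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The string rules only catch the script and function names exactly as they appear on this page; a renamed copy of the script would need a different signal.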

Import & Analysis

Take these CSVs back to your Kali box and import them into Bloodhound for perusal at your leisure.
