[Notes] BloodHound Study Notes

Preface

BloodHound uses graph theory to reveal hidden and often unintended relationships within Active Directory, Entra ID (formerly Azure AD), and Microsoft Azure IaaS. Defenders (blue teams) and attackers (red teams) use BloodHound for a deeper understanding of privileged relationships in an environment. (official website)

The client gathers information through a collector.

SharpHound Community Edition (CE) is the official data collector for BloodHound CE. It is written in C# and uses native Windows API functions and LDAP namespace functions to collect data from domain controllers and domain-joined Windows systems. (Wikipedia)

Download the project

wget https://github.com/BloodHoundAD/SharpHound/releases/download/v2.5.7/SharpHound-v2.5.7.zip
unzip SharpHound-v2.5.7.zip -d SharpHound-v2.5.7
cd SharpHound-v2.5.7

Copy SharpHound.exe to the victim machine and run the collection

SharpHound.exe -c all

Data analysis

Preparation

Deploy the neo4j database

Install dependencies

brew install neo4j

Edit the configuration file

/opt/homebrew/Cellar/neo4j/5.24.1/libexec/conf/neo4j.conf

  • Uncomment line 27:

dbms.security.auth_enabled=false

Start the service

brew services start neo4j

macOS

Download dependencies

wget https://github.com/BloodHoundAD/BloodHound/releases/download/v4.3.1/BloodHound-darwin-arm64.zip
unzip BloodHound-darwin-arm64.zip
cd BloodHound-darwin-arm64

Start the service

open BloodHound.app

Neo4j URL: bolt://localhost:7687
Neo4j Username: neo4j
Neo4j Password: neo4j

Upload the collected data zip archive for analysis

  • Upload Data
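Before uploading, it is useful to confirm that the zip actually holds what its collection files claim, so that a truncated or partial collection is caught before it lands in the database. The script below is an added example, not code from these notes or from the BloodHound project; it assumes the SharpHound v2-style layout (JSON files with a top-level "data" list and a "meta" object carrying "type" and "count") and builds a constructed sample zip in memory so it runs offline.

```python
# Added example (not from the original notes): sanity-check a SharpHound zip
# before uploading it to BloodHound. Assumes the SharpHound v2-style layout:
# JSON files with a top-level "data" list and a "meta" object holding
# "type" and "count". The sample zip is constructed in memory (offline).
import io
import json
import zipfile


def summarize_sharphound_zip(zip_bytes: bytes) -> dict:
    """Return {object type: record count}, one entry per SharpHound JSON file,
    raising if a file's declared meta.count disagrees with its data list."""
    summary = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".json"):
                continue  # skip anything that is not a collection file
            doc = json.loads(zf.read(name))
            records = doc.get("data", [])
            meta = doc.get("meta", {})
            declared = meta.get("count")
            if declared is not None and declared != len(records):
                raise ValueError(f"{name}: meta.count={declared}, found {len(records)}")
            kind = meta.get("type", name)
            summary[kind] = summary.get(kind, 0) + len(records)
    return summary


def build_sample_zip() -> bytes:
    """Constructed sample shaped like SharpHound output (SIDs are made up)."""
    files = {
        "users.json": {"data": [{"ObjectIdentifier": "S-1-5-21-1-2-3-1100"},
                                {"ObjectIdentifier": "S-1-5-21-1-2-3-1101"}],
                       "meta": {"type": "users", "count": 2, "version": 5}},
        "computers.json": {"data": [{"ObjectIdentifier": "S-1-5-21-1-2-3-1200"}],
                           "meta": {"type": "computers", "count": 1, "version": 5}},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, doc in files.items():
            zf.writestr(name, json.dumps(doc))
    return buf.getvalue()


if __name__ == "__main__":
    print(summarize_sharphound_zip(build_sample_zip()))  # {'users': 2, 'computers': 1}
```

Run it against the real archive by passing the bytes of the zip SharpHound produced instead of the constructed sample.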

Done