LDAP - Lateralization

A list of LDAP Lateralization Techniques.

Analysing Attack Paths

BloodHound

BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify.

# start neo4j server
neo4j console &

# start bloodhound
bloodhound &
# neo4j:root > import *.json

Requirements

Requires neo4j v4.

Works with JDK 11. Select it with: sudo update-alternatives --config java

Github: https://github.com/BloodHoundAD/BloodHound
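
The graph model described above, as an added example (not BloodHound's own code or data): a constructed edge list using BloodHound's relationship names, a breadth-first search for the path to Domain Admins, and a ranking of which single relationship a defender would remove to cut off the most principals. All account, group and host names are made up.

```python
from collections import deque

# Constructed sample data (not from a real domain). Edge names follow
# BloodHound's conventions: MemberOf, AdminTo, HasSession, GenericAll.
DA = "DOMAIN ADMINS@CORP.LOCAL"
EDGES = [
    ("ALICE@CORP.LOCAL", "MemberOf", "HELPDESK@CORP.LOCAL"),
    ("BOB@CORP.LOCAL", "MemberOf", "HELPDESK@CORP.LOCAL"),
    ("HELPDESK@CORP.LOCAL", "AdminTo", "WS01.CORP.LOCAL"),
    ("WS01.CORP.LOCAL", "HasSession", "SVC_BACKUP@CORP.LOCAL"),
    ("SVC_BACKUP@CORP.LOCAL", "GenericAll", DA),
    ("CAROL@CORP.LOCAL", "AdminTo", "WS02.CORP.LOCAL"),
]

def shortest_path(edges, start, target):
    """Breadth-first search; returns the hops as (src, rel, dst) or None."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
    parent, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        for rel, nxt in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, rel)
                queue.append(nxt)
    if target not in parent:
        return None
    hops, node = [], target
    while parent[node] is not None:
        prev, rel = parent[node]
        hops.append((prev, rel, node))
        node = prev
    return hops[::-1]

def can_reach(edges, target):
    """Every node that has at least one path to target."""
    nodes = {n for src, _, dst in edges for n in (src, dst)}
    return {n for n in nodes if n != target and shortest_path(edges, n, target)}

def rank_remediations(edges, target):
    """Count, per edge, the nodes that lose every path if it alone is removed."""
    base = can_reach(edges, target)
    cut = {e: len(base - can_reach([x for x in edges if x != e], target)) for e in edges}
    return sorted(((e, n) for e, n in cut.items() if n), key=lambda kv: -kv[1])
```

The first entry returned by rank_remediations(EDGES, DA) is the relationship whose removal breaks the most paths, which is where remediation effort pays off first.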

Data collector for BloodHound

bloodhound-python

Dump remotely. Python script.

# dump LDAP information
bloodhound-python -u <USER> -p <PASSWORD> -d <DOMAIN> -c ALL -ns <IP>

SharpHound

Dump locally. Binary.

.\SharpHound.exe --memcache -c all -d <DOMAIN> --domaincontroller <IP>

adPEAS

Dump locally. PowerShell script.

Import-Module .\adPEAS.ps1
Invoke-adPEAS -Domain '<DOMAIN>'

PowerView / SharpView

PowerView is a PowerShell tool to gain network situational awareness on Windows domains.

Github (archive): https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

HTB Academy: https://academy.hackthebox.com/course/preview/active-directory-powerview/powerviewsharpview-overview--usage

SharpView is a .NET port of PowerView.

Github: https://github.com/tevora-threat/SharpView

Cheatsheet: https://csbygb.gitbook.io/pentips/windows/post-compromise-enum/powerview-sharpview
