Bloodhound & ldapdomaindump

Basics

BloodHound is one of the most important enumeration tools for Active Directory domains. It lets you analyze the relationships between objects such as users, computers, groups and policies. In particular, BloodHound displays the relationships that can be used for lateral movement and privilege escalation as a graph that is easy to explore and query.

Bloodhound

bloodhound-python

bloodhound-python -u <USER> -d <DOMAIN> -p <PASSWORD> -c all -ns <NAMESERVER/DC_IP> --zip

Kerberos-only:

bloodhound-python -u <USER> -d <DOMAIN> -p <PASSWORD> -c all -k -ns <NAMESERVER/DC_IP> --zip

NetExec

nxc ldap <IP> -u <USER> -p <PASSWORD> --bloodhound --collection All

Kerberos-only:

nxc ldap <IP> -u <USER> -p <PASSWORD> -k --bloodhound --collection All
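The collectors above write their results as JSON files inside the --zip archive (one file per object type, e.g. the groups file, each with a "data" array and a "meta" block). As an added example, not part of this page or of the BloodHound project, the following script shows how those group records form the relationship graph described in the Basics section: it resolves nested group membership for a principal, which is useful when auditing who really ends up in a privileged group. The sample JSON, SIDs and names are constructed; file names and SIDs in real output differ.

```python
import json
from collections import deque

# Constructed sample in the shape of the "<timestamp>_groups.json" file found in a
# bloodhound-python --zip archive (SIDs and names are made up for this example).
SAMPLE_GROUPS_JSON = json.dumps({
    "data": [
        {"ObjectIdentifier": "S-1-5-21-1-2-3-512",
         "Properties": {"name": "DOMAIN ADMINS@CORP.LOCAL"},
         "Members": [{"ObjectIdentifier": "S-1-5-21-1-2-3-1200", "ObjectType": "Group"}]},
        {"ObjectIdentifier": "S-1-5-21-1-2-3-1200",
         "Properties": {"name": "TIER0-OPS@CORP.LOCAL"},
         "Members": [{"ObjectIdentifier": "S-1-5-21-1-2-3-1105", "ObjectType": "User"}]},
        {"ObjectIdentifier": "S-1-5-21-1-2-3-1300",
         "Properties": {"name": "HELPDESK@CORP.LOCAL"},
         "Members": [{"ObjectIdentifier": "S-1-5-21-1-2-3-1106", "ObjectType": "User"}]},
    ],
    "meta": {"type": "groups", "count": 3, "version": 5},
})


def build_membership_graph(groups_json):
    """Return (member SID -> set of direct parent group SIDs, group SID -> name)."""
    doc = json.loads(groups_json)
    if doc.get("meta", {}).get("type") != "groups":
        raise ValueError("not a BloodHound groups collection")
    parents, names = {}, {}
    for group in doc["data"]:
        gid = group["ObjectIdentifier"]
        names[gid] = group.get("Properties", {}).get("name", gid)
        for member in group.get("Members", []):
            parents.setdefault(member["ObjectIdentifier"], set()).add(gid)
    return parents, names


def effective_groups(groups_json, principal_sid):
    """All groups the principal belongs to, following nested membership (BFS).

    The 'seen' set also protects against circular group memberships."""
    parents, names = build_membership_graph(groups_json)
    seen, queue = set(), deque([principal_sid])
    while queue:
        for gid in parents.get(queue.popleft(), ()):
            if gid not in seen:
                seen.add(gid)
                queue.append(gid)
    return sorted(names[g] for g in seen)


if __name__ == "__main__":
    # User 1105 is only a direct member of TIER0-OPS, but that group is nested
    # in DOMAIN ADMINS, so the audit reports both.
    print(effective_groups(SAMPLE_GROUPS_JSON, "S-1-5-21-1-2-3-1105"))
```

To run it against a real collection, unzip the archive and pass the contents of the groups file instead of SAMPLE_GROUPS_JSON.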

ldapdomaindump

ldapdomaindump --no-json --no-grep -o <OUT_FILE> -r <DC_IP> -u <DOMAIN>\\<USERNAME> -p '<PASSWORD>'

ldapdomaindump currently has no support for Kerberos authentication. Always keep the HTML output (as above, with the JSON and grep formats disabled) for easier viewing in a browser.
