Basic Bloodhound Intro
Posted Jan 16, 2025 09:31 AM
BloodHound is a tool that utilizes graph theory to uncover hidden relationships in an Active Directory environment. Attackers can leverage BloodHound to identify complex attack paths that would otherwise be difficult to discover quickly, while defenders can use it to detect and eliminate these paths.
To install BloodHound, open your Kali instance and navigate to the terminal. Use the command apt-get install bloodhound to install BloodHound. During the installation, the neo4j database management solution, which is required for BloodHound, will also be installed and will need to be configured.
![[Image: bh1.png]](https://i.ibb.co/3sH1NFx/bh1.png)
After installation, configure neo4j by changing the default passwords. Run neo4j console and go to http://localhost:7474/ to set up a database user account with new credentials. These credentials will be needed when launching BloodHound.
![[Image: bh2.png]](https://i.ibb.co/r52n3XT/bh2.png)
To enable BloodHound to analyze an Active Directory domain, perform enumeration to produce a JSON file describing relationships and permissions between AD objects. This JSON file can then be imported into BloodHound. Use the tool SharpHound for AD enumeration.
If you are on a machine that is a domain member and are authenticated as a local user, but have credentials for a domain user, you can obtain a shell for that user using the command runas /user:herman@dom1 powershell. If the machine is not a domain member:
runas /netonly /user:herman@dom1 powershell
Once you have that shell, load the script by dot-sourcing it with the command
. .\SharpHound.ps1
followed by:
Invoke-BloodHound -CollectionMethod All -JSONFolder "c:\temp\bloodhound"
The JSON file can then be dragged and dropped into the BloodHound interface for ingestion.
Once the import is complete, explore the data using pre-canned queries in BloodHound to visualize relationships and identify potential security vulnerabilities. These queries can help find things like All Domain Admins and Shortest Path to Domain Admins, which can aid attackers in escalating privileges and compromising the entire domain or forest.
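The graph idea behind queries such as Shortest Path to Domain Admins, as an added example that is not part of the original post and is not BloodHound's own code: a breadth-first search over a small edge list, used the way a defender would, to list which principals can reach Domain Admins and to confirm that removing one relationship closes the path. The account, group and host names are constructed, and the function names are hypothetical.

```python
from collections import deque

# Constructed sample data: (source, relationship, target) edges.
# All principals and hosts are made up for this example.
EDGES = [
    ("HERMAN@DOM1", "MemberOf", "HELPDESK@DOM1"),
    ("HELPDESK@DOM1", "AdminTo", "WS01.DOM1"),
    ("WS01.DOM1", "HasSession", "ADMIN1@DOM1"),
    ("ADMIN1@DOM1", "MemberOf", "DOMAIN ADMINS@DOM1"),
    ("ALICE@DOM1", "MemberOf", "STAFF@DOM1"),
    ("STAFF@DOM1", "AdminTo", "WS02.DOM1"),
]
TARGET = "DOMAIN ADMINS@DOM1"


def shortest_path(edges, start, target):
    """Breadth-first search; returns the edges on a shortest path, or None."""
    adjacency = {}
    for edge in edges:
        adjacency.setdefault(edge[0], []).append(edge)
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        node, path = queue.popleft()
        if node == target:
            return path
        for edge in adjacency.get(node, []):
            if edge[2] not in seen:
                seen.add(edge[2])
                queue.append((edge[2], path + [edge]))
    return None


def exposed_principals(edges, target):
    """Every node that can reach the target, mapped to its shortest path."""
    nodes = {e[0] for e in edges} - {target}
    found = {n: shortest_path(edges, n, target) for n in nodes}
    return {n: p for n, p in found.items() if p}


def remediation_check(edges, target, removed_edge, intended_members):
    """Nodes still reaching the target once one edge is removed, minus intended members."""
    remaining = [e for e in edges if e != removed_edge]
    return sorted(set(exposed_principals(remaining, target)) - set(intended_members))


if __name__ == "__main__":
    for node, path in sorted(exposed_principals(EDGES, TARGET).items()):
        print(node, "->", " -> ".join(f"[{rel}] {dst}" for _, rel, dst in path))
```

In this sample, clearing the privileged session on WS01 removes every unintended path, while removing HERMAN from HELPDESK leaves the group and the workstation still exposed.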



