We need neo4j first:
sudo neo4j console
It prints “Bolt enabled on localhost:7687” and gives us a clickable link for the remote interface. Click on it!
Log in to neo4j
Run bloodhound:
sudo bloodhound
Log in using the neo4j creds
Run bloodhound ingesters:
FIX:
sudo apt -y remove crackmapexec
sudo apt -y install pipx python3-venv
pipx ensurepath
python3 -m pip install pipx --user
sudo git clone https://github.com/mpgn/CrackMapExec /opt/CrackMapExec
cd /opt/CrackMapExec
pipx install . --force
getshell=$(echo $SHELL | cut -d "/" -f4)
echo "export PATH=$PATH:$HOME/.local/bin" >> "$HOME/.$getshell"rc
source ~/.zshrc
cme
echo "export PATH=\$HOME/.local/bin:\$PATH" >> "$HOME/.$getshell"rc
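An added example, not part of the original notes: the PATH step above written so that it can be re-run safely. The unescaped echo writes today's expanded $PATH into the rc file, while the escaped form keeps the variables literal; the function names here are made up for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from CrackMapExec or pipx.

# Map a login shell path (e.g. /usr/bin/zsh or /bin/bash) to its rc file.
# basename works at any path depth, unlike cutting a fixed field number
# (cut -f4 returns an empty string for /bin/bash).
rc_file_for_shell() {
    shell_path=${1:-$SHELL}
    printf '%s/.%src\n' "$HOME" "$(basename "$shell_path")"
}

# Append the PATH export to an rc file only if it is not already there.
# Single quotes keep $HOME and $PATH literal, so they are expanded each time
# the rc file is sourced rather than frozen to the values at write time.
add_local_bin_to_path() {
    rc=$1
    line='export PATH="$HOME/.local/bin:$PATH"'
    touch "$rc"
    if grep -qxF "$line" "$rc"; then
        return 0    # already present, do not add a duplicate line
    fi
    printf '%s\n' "$line" >> "$rc"
}

# Usage on a real system:
#   add_local_bin_to_path "$(rc_file_for_shell)"
```

After running it, open a new terminal or source the rc file so that cme resolves from ~/.local/bin.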
cd ~/.local/pipx/venvs/crackmapexec/bin/
./bloodhound-python -d MARVEL.local -u fcastle -p Password1 -ns 192.168.218.136 -c all --zip
mv 20231005021847_bloodhound.zip /home/kali/bloodhound
cd /home/kali/bloodhound
ls
unzip 2023 (press Tab to autocomplete the zip file name)
#sudo python3 /home/kali/.local/pipx/venvs/crackmapexec/bin/bloodhound-python -d MARVEL.local -u fcastle -p Password1 -ns 192.168.218.136 -c all
-d for domain
-u for user found earlier
-p for password we cracked
-ns for name server, the domain controller
-c for what we are collecting. All for all data that we possibly can.
Upload the JSON files to the bloodhound session opened earlier
You can visualize the network and permissions. You can mark targets as owned and see the shortest path to domain admin/controller!
