apt install bloodhound
neo4j console
#After GUI pops up, enter default creds --> neo4j:neo4j
#Change user password
#After neo4j is up and running, you can launch bloodhound and authenticate
with new creds
bloodhound
#Install Bloodhound Data Ingestor with pip3
pip3 install bloodhound
#Setting up Sharphound
#Grab the powershell and executable versions then transfer
#to target with powershell/certutil
Powershell
https://github.com/BloodHoundAD/BloodHound/raw/master/Collectors/SharpHound.ps1
.exe
https://github.com/BloodHoundAD/BloodHound/raw/master/Collectors/SharpHound.exe
#Usage
.\SharpHound.exe (vanilla)
powershell -ep bypass (powershell)
.\SharpHound.ps1
#Let the collector run and exfil the .zip file to Kali for analysis
#Usage
#After transferring sharphound to target , run using powershell
Invoke-BloodHound -CollectionMethod All domain REDCLIFF.local -ZipFileName loot.zip
#At this point exfile the loot.zip file to Kali VM and open using Bloodhound GUI --> import graph
bloodhound-python -u administrator -p password123 -ns 192.168.1.172 -d redcliff.local -c All