What is BloodhoundAD

Vilge234 (New member), 1 Oct 2020


BloodHound Active Directory (BloodHoundAD) is an open source tool written for penetration testers to analyze Active Directory domains. Its purpose is to let testers quickly and easily build a comprehensive, easy-to-use picture of an environment (the "lay of the land" for a given network).


The data collected with BloodHound includes which users hold administrative rights, which computers in the network those users can reach (and have sessions on), and group membership. All of this can be abused by an attacker: new users can be added to groups, existing users deleted, new administrators created, and existing administrator accounts taken over.



BloodHound is designed to feed its data into the open-source Neo4j graph database. This makes it possible to draw diagrams showing the objects BloodHound found, their privilege levels, and the relationships between user accounts. By selecting a given object in the network, the user can produce a map showing the paths to privileged access on that machine, and which accounts or machines can obtain that access.




Installation of BloodHound

You can install BloodHound on Linux, Windows and OSX. BloodHound depends on Neo4j, a graph database written in Java, so Java is also required to run BloodHound. Neo4j is used to store and visualize the relationships between the objects BloodHound collects. On Windows, Neo4j has to be installed separately, together with a current Java version. You can fetch BloodHound from GitHub with the command below (the adaptivethreat repository now redirects to the BloodHoundAD organisation on GitHub).
Code:
git clone https://github.com/adaptivethreat/Bloodhound

On Kali Linux the installation is different. First update the package lists and upgrade the installed packages with the commands below.



Code:
apt-get update
apt-get dist-upgrade
After that, BloodHound can be installed by using the command below.

Code:
apt-get install bloodhound

This command installs not only BloodHound but also the Neo4j package. The next step is to start Neo4j and configure it with the command below.

Code:
neo4j console
The command above starts Neo4j and exposes its web interface at http://localhost:7474. Because Neo4j is installed as a dependency of the BloodHound package, it starts with the default username and password:


Username: neo4j
Password: neo4j



For security reasons the default password must be changed. To do that, open the Neo4j interface in a web browser; once http://localhost:7474 loads, Neo4j prompts you to set a new password.

Once Neo4j is configured, open the BloodHound interface by running the bloodhound command in a terminal. BloodHound then prompts for the Neo4j database credentials.


The login screen shows that Bolt is enabled on localhost (by default bolt://localhost:7687). Bolt is Neo4j's binary network protocol for client-server communication. Enter the Neo4j credentials to connect to the database and open the BloodHound interface. The interface loads with several panels; on the left are the pre-built queries that run against the database.


Queries are how the data collected from the target hosts is analyzed. Besides the pre-built queries, custom Cypher queries can also be run. On the right are settings such as importing and exporting graphs, uploading data, and threshold settings. Import/export saves and loads a graph in JSON format; the upload setting loads collector output into BloodHound.


Data Collection Requirements

BloodHound generally needs three types of information from an Active Directory network:
Logged-on users (sessions)

Users with administrator rights (local admins)

Users and their group memberships



The data above can be collected with the PowerShell ingestor (SharpHound.ps1) shipped in the BloodHound repository.



There is also a Python-based ingestor, BloodHound.py, which has to be installed separately with pip. At the time of writing, BloodHound.py does not support Kerberos authentication, unlike the other ingestors. It can still perform the default collection tasks: group membership, local administrators, and sessions.
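The three collections above (sessions, local admins, group membership) are exactly what BloodHound turns into edges, and the "map of paths to privileged access" mentioned earlier is a graph search over those edges. The following added example (not code from BloodHound or from the original post) rebuilds that idea in plain Python: it constructs a small, hypothetical set of collector results, builds a directed graph with MemberOf, AdminTo and HasSession edges, and runs a breadth-first search for the shortest path from a low-privilege user to Domain Admins, the same question the pre-built BloodHound queries answer. All host and account names are constructed sample data.

```python
"""Toy attack-path search over the three data types BloodHound collects."""
from collections import deque

# Constructed sample collector output (hypothetical hosts and accounts, not real data).
SESSIONS = {"WS01": ["alice"], "WS02": ["bob"], "SRV01": ["da_admin"]}   # computer -> logged-on users
LOCAL_ADMINS = {"WS01": ["helpdesk"], "WS02": ["alice"], "SRV01": ["bob"]}  # computer -> local admins
GROUP_MEMBERS = {"helpdesk": ["carol"], "Domain Admins": ["da_admin"]}      # group -> members
USERS = ["alice", "bob", "carol", "da_admin", "dave"]  # dave holds no rights anywhere


def build_graph(sessions, local_admins, group_members, users=()):
    """Return an adjacency dict: node -> list of (neighbour, relation)."""
    edges = {}

    def add(src, rel, dst):
        edges.setdefault(src, []).append((dst, rel))
        edges.setdefault(dst, [])

    for group, members in group_members.items():
        for member in members:
            add(member, "MemberOf", group)        # member inherits the group's rights
    for computer, principals in local_admins.items():
        for principal in principals:
            add(principal, "AdminTo", computer)   # admin can dump credentials on the host
    for computer, logged_on in sessions.items():
        for user in logged_on:
            add(computer, "HasSession", user)     # credentials of logged-on users are exposed there
    for user in users:
        edges.setdefault(user, [])                # isolated users still appear as nodes
    return edges


def shortest_path(edges, start, target):
    """BFS over the directed graph; returns [(src, rel, dst), ...] or None if unreachable."""
    if start == target:
        return []
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt, rel in edges.get(node, []):
            if nxt in parent:
                continue
            parent[nxt] = (node, rel)
            if nxt == target:
                hops, cur = [], nxt
                while parent[cur] is not None:
                    prev, r = parent[cur]
                    hops.append((prev, r, cur))
                    cur = prev
                return list(reversed(hops))
            queue.append(nxt)
    return None


def format_path(hops):
    """Render hops the way a BloodHound path reads: a -[rel]-> b -[rel]-> c."""
    if not hops:
        return ""
    out = hops[0][0]
    for _, rel, dst in hops:
        out += f" -[{rel}]-> {dst}"
    return out


def who_can_reach(edges, target):
    """Every node (other than target) with at least one path to target."""
    return sorted(n for n in edges if n != target and shortest_path(edges, n, target) is not None)


if __name__ == "__main__":
    g = build_graph(SESSIONS, LOCAL_ADMINS, GROUP_MEMBERS, USERS)
    print(format_path(shortest_path(g, "carol", "Domain Admins")))
    print("no path for dave:", shortest_path(g, "dave", "Domain Admins"))
    print("can reach Domain Admins:", who_can_reach(g, "Domain Admins"))
```

The interesting result is that carol, who is only a member of a helpdesk group, reaches Domain Admins in eight hops purely through local-admin rights and logon sessions, none of which look dangerous on their own; that chaining is why session and local-admin collection matter as much as group membership. Real BloodHound adds many more edge types, but the search is the same.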



