{"id":420,"date":"2019-12-31T17:46:16","date_gmt":"2019-12-31T16:46:16","guid":{"rendered":"http:\/\/vroamam.com\/wordpress\/?p=420"},"modified":"2020-01-01T14:29:42","modified_gmt":"2020-01-01T13:29:42","slug":"bloodhound","status":"publish","type":"post","link":"https:\/\/vroamam.com\/wordpress\/blog\/bloodhound\/","title":{"rendered":"BloodHound"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Part 1 &#8211; Installing The Software<\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignleft size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"100\" height=\"100\" src=\"http:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/BloodHound-e1577806174492.png\" alt=\"BloodHound Coloured Logo\" class=\"wp-image-422\"\/><\/figure><\/div>\n\n\n\n<p>I was asked to investigate the use of BloodHound to see if it might provide some insight into Active Directory and its privileges and trusts at work. I decided to install this onto my home lab first, and this post will cover what I did to install the software and which tutorials I followed. Part 2 will discuss how I created my first data upload.<\/p>\n\n\n\n<p>Like my other posts, this is primarily an aide-memoire for me when I come to do it again somewhere else, but I have brought together several bits of information that, as a complete novice to BloodHound, I had to search for.<\/p>\n\n\n\n<p>Initially I installed BloodHound in Kali. I had Kali 2019.3 built, so I updated it and installed BloodHound using the aptitude installer. 
I&#8217;d recommend following <a href=\"https:\/\/blog.zsec.uk\/bloodhound-101\/\">this article<\/a> by Andy Gill (<a href=\"https:\/\/twitter.com\/ZephrFish\">@zephrfish<\/a>) if you want to build from source.<\/p>\n\n\n\n<p>Simple install in Kali 2019.3:<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">$ sudo apt update &amp;&amp; sudo apt upgrade<\/p>\n<\/div><\/div>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">$ sudo apt install bloodhound<\/p>\n\n\n\n<p>Once this was completed, I attempted to launch neo4j.<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">$ neo4j start<\/p>\n\n\n\n<p>At this point I had some errors pop up that weren&#8217;t overly helpful. When I read the messages closely, I did eventually get to the point that they were referencing missing directories. So, to save you my pain, I had to create these five directories manually: 
<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>\/usr\/share\/neo4j\/logs<\/li><li>\/usr\/share\/neo4j\/plugins<\/li><li>\/usr\/share\/neo4j\/import<\/li><li>\/usr\/share\/neo4j\/run<\/li><\/ul>\n\n\n\n<p>Since doing this, I believe that I should have started neo4j with the following command, which would not have required the additional directories:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">$ neo4j console<\/p>\n\n\n\n<p>Once you&#8217;ve started the console, browse to http:\/\/localhost:7474<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"709\" height=\"298\" src=\"http:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Neo4j.png\" alt=\"\" class=\"wp-image-426\"\/><figcaption>Neo4j &#8211; Login Screen<\/figcaption><\/figure>\n\n\n\n<p>On initial login you will be required to change the password:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"656\" height=\"215\" src=\"http:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Neo4j-new-password.png\" alt=\"\" class=\"wp-image-427\"\/><figcaption>Neo4j &#8211; Change Password Dialogue<\/figcaption><\/figure>\n\n\n\n<p>Once this is complete, neo4j should be installed and working.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1314\" height=\"604\" src=\"http:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Screenshot-2019-12-31-at-16.26.52.png\" alt=\"\" class=\"wp-image-432\" srcset=\"https:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Screenshot-2019-12-31-at-16.26.52.png 1314w, https:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Screenshot-2019-12-31-at-16.26.52-1000x460.png 1000w, https:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Screenshot-2019-12-31-at-16.26.52-768x353.png 768w\" sizes=\"auto, (max-width: 
1314px) 100vw, 1314px\" \/><figcaption>Neo4j Web Console<\/figcaption><\/figure>\n\n\n\n<p>Leave this running and open a new terminal to start BloodHound by typing:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">$ BloodHound<\/p>\n\n\n\n<p>You should be prompted with this screen:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"415\" height=\"414\" src=\"http:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/BloodhoundLogin.png\" alt=\"\" class=\"wp-image-428\" srcset=\"https:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/BloodhoundLogin.png 415w, https:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/BloodhoundLogin-150x150.png 150w\" sizes=\"auto, (max-width: 415px) 100vw, 415px\" \/><figcaption>BloodHound Login Screen<\/figcaption><\/figure>\n\n\n\n<p>If you didn&#8217;t change the default password for the neo4j database, you will see this error; go back and change the password.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"799\" height=\"392\" src=\"http:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Screenshot-2019-12-31-at-16.22.02.png\" alt=\"\" class=\"wp-image-431\" srcset=\"https:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Screenshot-2019-12-31-at-16.22.02.png 799w, https:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Screenshot-2019-12-31-at-16.22.02-768x377.png 768w\" sizes=\"auto, (max-width: 799px) 100vw, 799px\" \/><figcaption>BloodHound Login Screen (password error)<\/figcaption><\/figure>\n\n\n\n<p>If all is well, you should see this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Screenshot-2019-12-31-at-16.29.11.png\" alt=\"\" class=\"wp-image-433\" width=\"444\" 
height=\"270\" srcset=\"https:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Screenshot-2019-12-31-at-16.29.11.png 1314w, https:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Screenshot-2019-12-31-at-16.29.11-1000x610.png 1000w, https:\/\/vroamam.com\/wordpress\/wp-content\/uploads\/2019\/12\/Screenshot-2019-12-31-at-16.29.11-768x468.png 768w\" sizes=\"auto, (max-width: 444px) 100vw, 444px\" \/><figcaption>BloodHound opening screen (No Data)<\/figcaption><\/figure>\n\n\n\n<p>In Part 2 I&#8217;ll discuss more about running SharpHound and collecting data.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Part 1 &#8211; Installing The Software I was asked to investigate the use of BloodHound to see if it might provide some insight into Active Directory and its privileges and trusts at work. I decided to install this onto my home lab first and this post will cover what I did to install the software, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[70,71,2],"tags":[72,74,73,75],"class_list":["post-420","post","type-post","status-publish","format-standard","hentry","category-active-directory","category-bloodhound","category-cybersec","tag-bloodhound","tag-kali","tag-linux","tag-neo4j","entry"],"_links":{"self":[{"href":"https:\/\/vroamam.com\/wordpress\/wp-json\/wp\/v2\/posts\/420","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vroamam.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vroamam.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vroamam.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vroamam.com\/wordpress\/wp-json\/wp\/v2\/comments?post=420"}],"version-history":[{"count":16,"href":"https:\/\/vroamam.com\/wordpress\/wp-json\/wp\/v2\/posts\/420\/revisions"}],"predecessor-version":[{"id":467,"href":"https:\/\/vroamam.com\/wordpress\/wp-json\/wp\/v2\/posts\/420\/revisions\/467"}],"wp:attachment":[{"href":"https:\/\/vroamam.com\/wordpress\/wp-json\/wp\/v2\/media?parent=420"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vroamam.com\/wordpress\/wp-json\/wp\/v2\/categories?post=420"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vroamam.com\/wordpress\/wp-json\/wp\/v2\/tags?post=420"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}