bloodhound-quickwin

Simple script to extract useful informations from the combo BloodHound + Neo4j. Can help to choose a target.

Prerequisites

python3

pip3 install py2neo
pip3 install pandas

Example

Use your favorite ingestor to gather ".json"
Start your neo4j console
Import "*.json" in bloodhounnd
Run ./bhqc.py

Usage

[email protected] $ ./bhqc.py -h
usage: bhqc.py [-h] [-b BOLT] [-u USERNAME] [-p PASSWORD]

Quick win for bloodhound + neo4j

optional arguments:
  -h, --help            show this help message and exit
  -b BOLT, --bolt BOLT  Neo4j bolt connexion (default: bolt://127.0.0.1:7687)
  -u USERNAME, --username USERNAME
                        Neo4j username (default : neo4j)
  -p PASSWORD, --password PASSWORD
                        Neo4j password (default : neo4j)

Output

[email protected] $ ./bhqw.py

###########################################################
[*] Enumerating all domains admins (rid:512|544) (recursive)
###########################################################

[+] Domain admins (group) 	: DOMAIN [email protected]
[+] Domain admins (group) 	: ENTERPRISE [email protected]
[+] Domain admins (group) 	: [email protected]
[+] Domain admins (enabled) 	: [email protected] [LASTLOG: < 1 year]
[+] Domain admins (enabled) 	: DIRECTOR.TREN[email protected] [SPN] [LASTLOG:  NEVER]
[+] Domain admins (enabled) 	: [email protected] [ASREP] [LASTLOG:  NEVER]

###########################################################
[*] Enumerating privileges SPN
###########################################################

[+] SPN DA (enabled) 	: [email protected]

###########################################################
[*] Enumerating privileges AS REP ROAST
###########################################################

[+] AS-Rep Roast DA (enabled) 	: [email protected]

###########################################################
[*] Enumerating all SPN
###########################################################

[+] SPN (enabled) 	: [email protected]
[+] SPN (enabled) 	: [email protected]
[+] SPN (enabled) 	: [email protected]
[+] SPN (enabled) 	: [email protected] [AdminCount]
[+] SPN (enabled) 	: [email protected]
[+] SPN (disabled) 	: [email protected] [AdminCount]

###########################################################
[*] Enumerating AS-REP ROSTING
###########################################################

[+] AS-Rep Roast (enabled) 	: [email protected]
[+] AS-Rep Roast (enabled) 	: [email protected] [AdminCount]

###########################################################
[*] Enumerating Unconstrained account
###########################################################

[+] Unconstrained user (enabled) 	: [email protected]

###########################################################
[*] Enumerating Constrained account
###########################################################

[+] Constrained user (enabled) 	: [email protected] ['snmp/dc1.FBC.LAB']

###########################################################
[*] Enumerating Unconstrained computer
###########################################################

[+] Unconstrained computer (enabled) 	: DC1.FBC.LAB [Windows Server 2016 Standard]

###########################################################
[*] Stats
###########################################################

+--------------------------------------------+------------+-------+
|                Description                 | Percentage | Total |
+--------------------------------------------+------------+-------+
|                 All users                  |    N/A     |   21  |
|             All users (enabed)             |   85.71    |   18  |
|            All users (disabled)            |   14.29    |   3   |
|     Users with 'domain admins' rights      |   16.67    |   3   |
|      Not logged (all) since 6 months       |    0.0     |   0   |
|    Not logged (enabled) since 6 months     |    0.0     |   0   |
| Password not changed > 1 y (enabled only)  |    0.0     |   0   |
| Password not changed > 2 y (enabled only)  |    0.0     |   0   |
| Password not changed > 5 y (enabled only)  |    0.0     |   0   |
| Password not changed > 10 y (enabled only) |    0.0     |   0   |
|               Users with SPN               |   33.33    |   6   |
|          Users with AS REP ROAST           |   11.11    |   2   |
|      Users enabled and has never log       |   88.89    |   16  |
+--------------------------------------------+------------+-------+

Simple script to extract useful informations from the combo BloodHound + Neo4j

Related tags

Overview

bloodhound-quickwin

Prerequisites

Example

Usage

Output

Owner

Telegram Bot to learn English by words and more.. ( in Arabic )

in-progress decompilation of Gauntlet Legends decompression code on the N64

Easy Discord Webhook Token Grabber!

A simple worker for OpenClubhouse to sync data.

Framework for Telegram users and chats investigating.

SimpleDCABot is a simple bot that buys crypto with a dollar-cost averaging strategy.

multi-purpose discord bot

Univerity-student oriented (lithuanian) discord bot

BanAllBot - Telegram Code To Ban All Group Members very fast

A Telegram Userbot to play Audio and Video songs / files in Telegram Voice Chats

The Foursquare API client for Python

A code that can make your 5 accounts stay 24/7 in a discord voice channel!

A Rich renderable for viewing Multiple Sequence Alignments in the terminal.

fair-test is a library to build and deploy FAIR metrics tests APIs supporting the specifications used by the FAIRMetrics working group.

API to retrieve the number of grades on the OGE website (Website listing the grades of students) to know if a new grade is available. If a new grade has been entered, the program sends a notification e-mail with the subject.

A google search telegram bot.

A simple API Wrapper for Guilded.

NitroSniper - A discord nitro sniper, it uses 2 account tokens here's the explanation

A simple tool that lets you know when you are out of Lost Ark's queues

⚡ Yuriko Robot ⚡ - A Powerful, Smart And Simple Group Manager Written with AioGram , Pyrogram and Telethon