BloodHound

Install and Initial Setup

Kali Linux

When changing the neo4j user password at initial setup, I was experiencing authentication errors when the password contained specific special characters. So, if the password in /etc/bhapi/bhapi.json is correct, but you experience authentication errors, it is almost certainly because of a typo or incompatible character.

https://www.kali.org/tools/bloodhound/

  1. Install BloodHound
  2. Run sudo bloodhound-setup
  3. Open http://localhost:7474/
    • Login with neo4j:neo4j 
    • Change neo4j user password
  4. Update password in /etc/bhapi/bhapi.json
  5. Run sudo bloodhound

Troubleshooting

PostgreSQL Collation Error

WARNING:  database "postgres" has a collation version mismatch
DETAIL:  The database was created using collation version 2.40, but the operating system provides version 2.41.
HINT:  Rebuild all objects in this database that use the default collation and run ALTER DATABASE postgres REFRESH COLLATION VERSION, or build PostgreSQL with the right library version.

To clear the warning, refresh the collation version for both the postgres and template1 databases:

sudo runuser -u postgres -- psql -c 'ALTER DATABASE postgres REFRESH COLLATION VERSION; ALTER DATABASE template1 REFRESH COLLATION VERSION;'

Source: https://kali.krfoss.org/troubleshooting/postgresql-collation-mismatch-error/

kfmclient Error

/usr/bin/xdg-open: 744: kfmclient: not found
/usr/bin/xdg-open: 541: test: Illegal number: 
/usr/bin/xdg-open: 542: test: Illegal number: 
/usr/bin/xdg-open: 543: test: Illegal number:

    if [ `id -u` -ne 0 ]; then
        sudo $0
        exit 0
    fi

The /usr/bin/bloodhound wrapper script restarts itself as root through sudo when it is started by a non-root user.

    until curl $URL &>/dev/null; do sleep 1; done
    xdg-open $URL

The script then waits for the BloodHound API to start and uses xdg-open to open the URL with the default handler.

This runs xdg-open as the root user, which does not work: the X server will not allow GUI apps launched by root to display on the desktop of a non-root user.

sudo sed -i.bak 's/xdg-open/sudo -u $(logname) xdg-open/g' `which bloodhound`

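The sed command above rewrites the xdg-open call on the last line of the script to run under sudo -u $(logname), so the browser launches in the current user's session. The -i.bak option keeps the original script as a .bak file next to it.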
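An idempotent form of the sed fix above, added here as an example (it is not part of the Kali package or of the original notes). The function name patch_wrapper and the temporary sample file are assumptions. Unlike a second run of sed -i.bak, it keeps the first backup and does not stack another sudo -u $(logname) prefix.

```shell
#!/bin/sh
# patch_wrapper FILE
# Rewrites bare xdg-open calls in FILE to run as the invoking desktop user.
# Returns 0 if FILE is patched (now or already), 1 if there is nothing to
# patch, 2 on error. Run as root when FILE is the real wrapper.
patch_wrapper() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Already patched: a second substitution would produce
    # "sudo -u $(logname) sudo -u $(logname) xdg-open".
    if grep -qF 'sudo -u $(logname) xdg-open' "$file"; then
        return 0
    fi
    grep -qF 'xdg-open' "$file" || return 1

    # Keep only the first backup so it always holds the unmodified script.
    [ -e "$file.bak" ] || cp -p "$file" "$file.bak" || return 2

    tmp=$(mktemp) || return 2
    # Same substitution as on this page; the single quotes keep $(logname)
    # literal so it is evaluated when the wrapper runs, not now.
    if sed 's/xdg-open/sudo -u $(logname) xdg-open/g' "$file" > "$tmp"; then
        cat "$tmp" > "$file"      # overwrite in place, preserving mode/owner
        rc=0
    else
        rc=2
    fi
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample: the two wrapper lines quoted on this page.
demo() {
    f=$(mktemp) || return 2
    printf '%s\n' 'until curl $URL &>/dev/null; do sleep 1; done' \
                  'xdg-open $URL' > "$f"
    patch_wrapper "$f" && patch_wrapper "$f"   # second call is a no-op
    tail -n 1 "$f"
    rm -f "$f" "$f.bak"
}
demo
```

On a real system the call would be patch_wrapper "$(command -v bloodhound)", run as root.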

sudo -u $(logname) systemsettings kcm_componentchooser

Make sure a default web browser is set in the settings dialog that this command opens.