What is Bloodhound?
Bloodhound can be used by both red teamers and blue teamers to quickly identify interesting relationships between Active Directory objects. It shows the results visually, and the results can be queried. You can read the docs here.
Install Bloodhound in Kali
Installing bloodhound takes just one simple command these days, since it’s in the Kali repositories.
apt install bloodhound
So this will install bloodhound and some dependencies like the neo4j database tool and some other things. Once this is done, you should type
This will start the neo4j database and create a user to access it. Once it’s started, you can browse to http://localhost:7474/ and set a new username and/or password.
Type bloodhound to start the tool.
How to use Bloodhound
Now that the bloodhound tool is running, you should feed it some interesting domain data. The easiest way is to download the SharpHound ingestor from this website. Extract the file and you can use either the PowerShell script or the executable. You will need some domain credentials and a network link to the Domain Controller. Start a cmd from the folder and type
SharpHound.exe --domain fqdn --ldapusername domain-user --ldappassword password
This will leave you with a ZIP file containing all the parts bloodhound needs.
Within bloodhound you can upload this file and it will process all the information, notifying you when it’s done with the process.