I recently came across a network penetration test that taught me how to install BloodHound, which I was going to use to enumerate Kerberos. Kerberos is a computer authentication protocol that works on the basis of tickets, allowing nodes communicating over a non-secure network (such as the Internet) to prove their identity to one another securely.

I initially started with nmap, and one of the results showed that port 88 was open and running the Kerberos service. After getting a valid username and password, I used evil-winrm to get a shell. After getting a shell, I had to use BloodHound, which was going to help me map out the relationships between accounts in the Active Directory and the shortest route to the admin account (privilege escalation).

The first step was to install BloodHound on my local machine, where I typed in the following command:

root@kali :- apt-get install bloodhound -y

After a successful installation I ran the command neo4j console to get the URL to register for neo4j.

I opened my web browser and pasted http://localhost:7474 into the URL bar. I changed the credentials and logged in.

Next I went to the terminal and typed bloodhound, and a login window appeared where I filled in the username and password. The username is neo4j and the password is the one you registered with in neo4j.

Since I was logged in as the melanie account, the next step was to upload SharpHound and then execute it.

After that I extracted the Kerberos file and downloaded it to my local machine.

Then I had to feed the downloaded Kerberos file to BloodHound, and I got to see the relationships of the Active Directory on the target machine.
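Before feeding a collector archive to BloodHound, it is worth checking that every JSON file inside it is complete, because a truncated or partially transferred file can be imported silently with records missing. The check below is an added example, not code from the original post or from the BloodHound project; it assumes the archive is a zip of JSON files that each carry a "meta" object (with "type" and "count") and a "data" list, and the sample archive it builds is constructed inline.

```python
import io
import json
import zipfile

# Added example, not code from the original post. Assumption: the collector
# archive is a zip of JSON files, each with a "meta" object ("type", "count")
# and a "data" list; the sample archive below is constructed for demonstration.


def summarize_collection(zip_bytes: bytes) -> dict:
    """Map each JSON member to its declared type, declared count, actual
    record count and whether the two agree. A mismatch points at a truncated
    or edited file that BloodHound might import only partially."""
    summary = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".json"):
                continue  # ignore non-collector members
            try:
                doc = json.loads(zf.read(name).decode("utf-8-sig"))
            except (ValueError, UnicodeDecodeError):
                summary[name] = {"type": None, "declared": None,
                                 "actual": 0, "ok": False}
                continue
            meta = doc.get("meta", {}) if isinstance(doc, dict) else {}
            data = doc.get("data", []) if isinstance(doc, dict) else []
            actual = len(data) if isinstance(data, list) else 0
            declared = meta.get("count")
            summary[name] = {"type": meta.get("type"), "declared": declared,
                             "actual": actual,
                             "ok": declared == actual and actual > 0}
    return summary


def build_sample_zip() -> bytes:
    """Constructed sample: users.json is consistent, computers.json is short."""
    users = {"meta": {"type": "users", "count": 2, "version": 5},
             "data": [{"ObjectIdentifier": "S-1-5-21-SAMPLE-1104"},
                      {"ObjectIdentifier": "S-1-5-21-SAMPLE-1105"}]}
    computers = {"meta": {"type": "computers", "count": 3, "version": 5},
                 "data": [{"ObjectIdentifier": "S-1-5-21-SAMPLE-1000"}]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("users.json", json.dumps(users))
        zf.writestr("computers.json", json.dumps(computers))
        zf.writestr("notes.txt", "not a collector file")
    return buf.getvalue()


if __name__ == "__main__":
    for fname, info in summarize_collection(build_sample_zip()).items():
        print(fname, "OK" if info["ok"] else "MISMATCH", info)
```

Run it against a real archive by replacing build_sample_zip() with the bytes of the downloaded zip; any member reported as MISMATCH should be re-collected before import.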
