Installing BloodHound on Windows - blackgem


Sunday, June 11, 2023

Installing BloodHound on Windows



BloodHound is a tool widely used by red teamers to explore a domain and find attack paths within it. It uses graph theory to uncover hidden and often unintended relationships in an Active Directory environment.


It runs as a single-page JavaScript web app, built on Linkurious and backed by a Neo4j database that is fed data from a PowerShell ingestor.

BloodHound lets users assess Active Directory settings effectively by surfacing intricate attack routes that would otherwise be hard to identify quickly. The same graph lets defenders find and eliminate those attack paths. As of version 4.0.0, BloodHound also supports Azure.

Installing Pre-Requisites 

Download OpenJDK

The first step is to download OpenJDK. Currently Neo4j supports OpenJDK 17, even though the latest release is JDK 20. Go to the Microsoft site and download the Windows build.



Once OpenJDK is installed, we can now see that the environment variable for JDK has been created.

Open a CMD and type 

rundll32.exe sysdm.cpl,EditEnvironmentVariables



Installing Neo4j


Go to the official Neo4j site and download the latest Community Edition release.


Create a dedicated folder for BloodHound; keeping the database and the application together makes it easier to connect them later.




Now open a CMD as administrator and navigate to the \bin folder of the extracted Neo4j distribution.


cd C:\Users\info\Desktop\info\tools\Blood Hound\neo4j-community-4.4.21-windows\neo4j-community-4.4.21\bin


To install execute:


neo4j.bat windows-service install



Once installed successfully, start the service by executing

net start Neo4j


This is case sensitive, so remember that the N is uppercase.
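The service install and start steps above, collected into one script so they can be repeated on a fresh VM and checked rather than eyeballed. This is an added example, not code from the original post or from the Neo4j or BloodHound projects. It assumes the Neo4j Community 4.4 folder layout (neo4j.bat under \bin), a JDK already installed with JAVA_HOME set, and a placeholder extraction path in $NeoHome that you replace with your own; the readiness check relies on Neo4j's HTTP discovery endpoint on port 7474 and the Bolt listener on 7687, both defaults.

```powershell
# Added example (not from the original post): install and start the Neo4j
# Windows service from a chosen extraction folder, then confirm it is
# actually listening before you open the web console.
# Assumptions: Neo4j Community 4.4 layout, JAVA_HOME already set,
# $NeoHome is a placeholder path for your own neo4j-community-* folder.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$NeoHome = 'C:\Tools\BloodHound\neo4j-community-4.4.21'   # placeholder path
$NeoBat  = Join-Path $NeoHome 'bin\neo4j.bat'

# 1. Pre-requisite: neo4j.bat reads JAVA_HOME, so fail early if it is missing
if (-not $env:JAVA_HOME -or -not (Test-Path (Join-Path $env:JAVA_HOME 'bin\java.exe'))) {
    throw "JAVA_HOME is not set or does not point at a JDK: '$env:JAVA_HOME'"
}
$javaVersion = (& (Join-Path $env:JAVA_HOME 'bin\java.exe') -version 2>&1 | Select-Object -First 1)
Write-Host "Using $javaVersion"

if (-not (Test-Path $NeoBat)) {
    throw "neo4j.bat not found at $NeoBat - check the extraction folder"
}

# 2. Install the service (same command the post runs from \bin), skipping if present
$svc = Get-Service -Name 'Neo4j' -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Host 'Installing Neo4j Windows service...'
    & $NeoBat windows-service install
    if ($LASTEXITCODE -ne 0) { throw "neo4j.bat windows-service install failed (exit $LASTEXITCODE)" }
} else {
    Write-Host "Service already installed (status: $($svc.Status))"
}

# 3. Start it (equivalent to 'net start Neo4j') and wait for the listeners
Start-Service -Name 'Neo4j'

function Wait-ForPort {
    param([int]$Port, [int]$TimeoutSec = 90)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        if (Test-NetConnection -ComputerName 'localhost' -Port $Port -InformationLevel Quiet -WarningAction SilentlyContinue) {
            return $true
        }
        Start-Sleep -Seconds 2
    }
    return $false
}

# 7474 = HTTP web console, 7687 = Bolt (what BloodHound connects to)
foreach ($port in 7474, 7687) {
    if (-not (Wait-ForPort -Port $port)) {
        throw "Neo4j did not start listening on port $port in time; check $NeoHome\logs\neo4j.log"
    }
    Write-Host "Port $port is listening"
}

# 4. Confirm the HTTP discovery endpoint answers; it reports the server version
$info = Invoke-RestMethod -Uri 'http://localhost:7474/' -Method Get -Headers @{ Accept = 'application/json' }
Write-Host "Neo4j $($info.neo4j_version) is up - open http://localhost:7474 and log in (default user neo4j)"
```

Run it from an elevated PowerShell after extracting Neo4j; if the service installs but a port never comes up, the Neo4j log path printed in the error is where the JDK-version and configuration mistakes show up.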


Neo4j Web Console

Now let's move to the Neo4j web console, which by default listens on port 7474:

http://localhost:7474

Make sure local firewalls are down and the browser accepts insecure connections. ATP also must be disabled.

This tool is used for red team exercises, which is why we lower all the shields, and why this kind of insecure configuration belongs on a dedicated VM.

Log in to the Neo4j web console

The default credentials for the Neo4j web console are username neo4j and password neo4j; you will be prompted to change the password after the first login.


At this point the Neo4j database is up and running.


BloodHound Installation

Let's go to the official BloodHound repo and download the latest release for Windows.



Once it is installed, log in with the Neo4j credentials to connect to the database.


Now you have BloodHound installed correctly in your Windows environment.

Next you will have to run a collector to extract the data that will be ingested into BloodHound.

By default, SharpHound ships with the BloodHound installation.



Once you are in the domain, the data collector will detect the domain properties available to extract, such as users, groups, etc.

Typically you save these as .svc files and upload them into the BloodHound console.

This is it, I hope you find this information useful and I wish you happy hacking! 

