So speaking of Bloodhound it’s just a domain mapping tool, and sharphound is the tool to collect information when running in the victim’s machine to map the domain as this is complex for beginners to use, ppl made a new ingestor which is in python which will run the attacker machine itself to collect the mapping data, but when i was doing pathfinder, i tried the python bloodhound but it dint work(the json were created but couldnt map it), so i went old school
When you say you went old school; what did you do?
I am having no luck with Bloodhound, fresh install of kali and getting “Missing required parameter ‘digestmod’”
what I did was using the original bloodhound version, which uses sharphound.ps1 or sharphound.ps2
Would love to see a walk-through of this box WITHOUT using bloodhound…
You can technically avoid bloodhound and complete the box, but it is just a trial or error method as there are only 3 users, where one is administrator, so trying to dump pass using either of the user will give u dumb, but think of a real-world scenario , there would be more than 20 people connected to domain, u cant brute-force dumping pass on them , thats why bloodhound makes life easier
@Ja4V8s28Ck said:
You can technically avoid bloodhound and complete the box, but it is just a trial or error method as there are only 3 users, where one is administrator, so trying to dump pass using either of the user will give u dumb, but think of a real-world scenario , there would be more than 20 people connected to domain, u cant brute-force dumping pass on them , thats why bloodhound makes life easier
That’s not true at all. You can very easily see which users are a member of which groups with a simple LDAP query, and can see which users/groups have DC sync permissions by just using the built in DSACLS command. There’s no trial and error (or brute force / guessing) involved in this machine, regardless of how many user accounts there were.
There’s this issue in the Bloodhound.py repository. The issue is due to the ldap3 incompatible with python3.8. It seems python3-ldap is of lower version than pip’s.
I was getting that digestmod error as well. I can’t really help you with fixing it other than to deploy a whole new VM and build of Kali. I have about 6 or 7 versions of python installed and something is screwed in the python config. Sometimes other python apps have issues as well.
Im left marginally frustrated with this as I want one machine (my laptop) to be able to do everything I need.
If you fix it please do share the solution as I am faced with rebuilding the laptop if a solution doesn’t come along.
Have you tried upgrading the required packages (impacket, ldap3, dnspython) ? I got this digestmod error and after the upgrade I got the cannot import name 'PyAsn1UnicodeDecodeError' from 'pyasn1.error'. Then I googled this error and I just had to upgrade pyasn1 and now Bloodhound works. Sometimes the pre-installed packages in ISO or Kali VM are a little bit outdated (I hope its the right word, Native french sorry). You just need to upgrade them, that’s why when you uninstall and reinstall them, you’re installing the lastest version of all the packages . Hope my post will be useful for someone. Good luck !
Hello, I have also an issue with the bloodhound part.
I use the following command which works:
kali@kali:~/Downloads/blood_attack$ python3 -m bloodhound -d megacorp.local -u sandra -p “Password1234!” -gc pathfinder.megacorp.local -c all -ns 10.10.10.30
INFO: Found AD domain: megacorp.local
INFO: Connecting to LDAP server: Pathfinder.MEGACORP.LOCAL
INFO: Found 1 domains
INFO: Found 1 domains in the forest
INFO: Found 1 computers
INFO: Connecting to LDAP server: Pathfinder.MEGACORP.LOCAL
INFO: Found 5 users
INFO: Connecting to GC LDAP server: pathfinder.megacorp.local
INFO: Found 51 groups
INFO: Found 0 trusts
INFO: Starting computer enumeration with 10 workers
INFO: Querying computer: Pathfinder.MEGACORP.LOCAL
INFO: Done in 00M 05S
But when i drag & drop json files in bloodhound i have always:
NO DATA RETURNED FROM QUERY
I use bloodhound 3.0.4 on a kali debian 2020.2
Python 3.8.3 and neo4j 4.1.0
I don’t see any link between nodes and the only query working is “List all Kerberoastable Accounts”.