Post Compromise Enumeration

POWERVIEW

PowerSploit/PowerView.ps1 at master · PowerShellMafia/PowerSploitGitHub

SharpHound

BloodHound/SharpHound.ps1 at master · BloodHoundAD/BloodHoundGitHub

PS>
Import-Module C:\Enterprise-Share\sharphound.ps1
Invoke-BloodHound -CollectionMethod All

ie. a zip will be created that we can import in Bloodhound in below format:
20211217084021_BloodHound.zip

BLOODHOUND

Linux — BloodHound 3.0.3 documentation

sudo apt-get install neo4j
sudo neo4j console

This would run the neo4j service. INFO Bolt enabled on localhost:7687 INFO Remote interface available at http://localhost:7474/

Default Credentials: neo4j/neo4j

If there is password error while logging in,

1. Stop neo4j if its running

2. edit /etc/neo4j/neo4j.conf, and uncomment dbms.security.auth_enabled=false

3. connect to the database and run

   ALTER USER neo4j SET PASSWORD 'mynewpass'; :exit

4. Stop neo4j

5. comment out the dbms.security.auth_enabled=false

6. start neo4j

apt install bloodhound

setup neo4j console and open it in browser to access. We can run invoke-bloodhound to collect data and import it in neo4j localhost to get idea about AD.

BloodHound/SharpHound.ps1 at master · BloodHoundAD/BloodHoundGitHub