BloodHound

BloodHound is a versatile and powerful tool for AD enumeration and analysis.

Source: https://github.com/BloodHoundAD/BloodHound

Doc: https://bloodhound.readthedocs.io/en/latest/index.html

apt install bloodhound neo4j
neo4j console
go to localhost:7474 and change de password [ default > neo4j:neo4j ]
bloodhound

Covenant:

shell sharphound.exe -c all = this will capture all domain objects
sharphound saves into a zip file, go ahead and copy the file name
download <bloodhound.zip>
click in the file inside covenant > save file

BloodHound:

drag and drop the bloodhound.zip that we got earlier
Database info
Analysis > Find all domain Admins
Analysis > Find Shortest Paths to Domain Admins > click in connection GenericAll > help > abuse info

Image credit: https://twitter.com/SadProcessor