Intro
I have had a few people over the last couple of months asking me how to get Bloodhound up and running after I had sung its praise since seeing the “Six Degrees to Domain Admin” video from BSIDES Las Vegas. If you still haven’t seen the video I am referring to I suggest you take a peek before proceeding.
[su_youtube url=”https://www.youtube.com/watch?v=lxd2rerVsLo”]
It really is such an awesome tool and I highly recommend it to not only info-sec professionals but to anyone who administrates an Active Directory environment.
The awesome news is that Bloodhound is now in the Kali Linux repository’s and is super easy to install and get up and running and I will show you how.
Ensure an up-to-date system.
Firstly, please ensure you’re running the latest and greatest by performing a dist-upgrade like so.
apt-get update
and then
apt-get dist-upgrade
Installing Bloodhound
You guessed it, simply run the following. Bloodhound depends on neo4j so that will be installed as well.
apt-get install bloodhound
Change the Default Password for Neo4j
We really should change the default password for Neo4j, you know.. For reasons.
Let’s launch Neo4j
neo4j console
We now have a remote interface available at http://localhost:7474. Let’s head over there via a browser and change that default password. You will also see that it enabled Bolt on the localhost, we need this for later.
Login with the default credentials (below) you will then be asked to change the password :-
- Username: neo4j
- Password: neo4j
Go ahead and complete the password change and close the browser window.
Let the Hound See The Blood
Pop a new terminal window open and run the following command to launch Bloodhound, leave the Neo4j console running for obvious reasons.
bloodhound
As you can see, Bloodhound is now running and waiting for some user input. Earlier when launching Neo4j it also enabled Bolt on bolt://127.0.0.1:7687. You need to use this as your Database URL.
- Database URL – bolt://127.0.0.1:7687
- Username – neo4j
- Password – your newly changed password
Hit login and you should be presented with the Bloodhound tool minus any data. You can now import your data and get analyzing.
Hopefully this was a nice and quick guide to help anyone out there having any issues getting up and running with the awesome tool that is Bloodhound.
I also want to take a moment to thank @_wald0, @CptJesus, and @harmj0y for their continued hard work on this amazing project.
Cheers Guys!
hi,What is this tool for?
Please see the video in the post. This will give you a good over view of what the tool is about.
Upgrading Kali Rolling today breaks Neo4j: Neo4j reports
“You are using an unsupported version of the Java runtime. Please use Oracle(R) Java(TM) Runtime Environment 8, OpenJDK(TM) 8 or IBM J9”
Output of java –version is
openjdk 9.0.4
OpenJDK Runtime Environment (build 9.0.4+12-Debian-2)
OpenJDK 64-Bit Server VM (build 9.0.4+12-Debian-2, mixed mode)
Will raise as an issue on the Bloodhond Github, but recording here in the hope it helps others.
I solved the issue by adding the following line at the beginning of /etc/neo4j/neo4j.conf:
JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
After this it worked and I was able to connect to the web service.
Reference: https://github.com/neo4j/neo4j/issues/7188
Thanks for sharing your fix with the community.
I can’t seem to find any good instructions on how to get data INTO BloodHound. The github page goes through the installation as does this page, but neither talk about the PowerShell component or alternative methods on getting data in. Admittedly, I’m a Linux neophyte so I could really just be that dense and I’m missing it.
Have you read here https://github.com/BloodHoundAD/BloodHound/wiki/Data-Collection-Intro
I also thank MECHGT for the helpful response.
And belated thanks go to James for covering so much ground so well. Kali has niche considerations which mean generic Debian instructions *might* leave you with a bork’d platform.
However I do want to echo XSNAKEDOCTOR’s point, perhaps slightly varied:
When following a default Kali installation, where does “apt” place the ingestors? I could acquire directly from Github, but that will inevitably fall prey to incompatibility, as the Kali-packaged version won’t remain in step with the Github repository.
Armed with information, it would then be trivial to follow the “Data Collection” wiki.
Thanks
Hi Stevie, Do you think it would be worth me creating a post on how to get data into a bloodhound?