Add Support for Bloodhound Version 2 Data? :) #1
Comments
I could take a look at it when I get a moment of free time. If you have any v2 dump you could share with me to see how it looks that'd be great :)
So I can't provide the data I have because it's from a client network, but if you run ntlmrelayx -t ldap://IP --delegate-access in a network with a domain controller alongside responder it gives version 2 data. Not sure if maybe there's a Hack The Box machine/network where that might work?
So a small status update, while I couldn't for whatever reason get ntlmrelayx to dump the data for me, I ended up digging in its sources to see how it does it and it seems just to call There exists this project which does the conversion of ldapdomaindump data to bloodhound v3 which would be the tool to use in this case I presume (and then convert the v3 from that into v4 with the current version of bloodhound-convert). I still plan on adding actual v2 support though as I obtained some old dumps from ctf boxes, not sure when it'll land though.
Wow that is a lot more work than I was even hoping for. I'm a little shocked ldapdomaindump was in the code, figured it was custom. Thanks to you I was able to get my data into v3 format and get bloodhound to run it. Apparently ldd2bloodhound is a tool that's built stock into Kali Linux and it didn't work for my purposes but that python script you posted did. Very useful niche here! If you built the tool to cover the landscape I bet the Kali people would consider adding it to their source repos.
Hey love that this project even exists, but I'm currently struggling to get V2 data into bloodhound and that's the only kind ntlmrelayx dumps. Would love to see version 2 support if you're still working on this!