This repository has been archived by the owner on Dec 6, 2023. It is now read-only.
CME to Bloodhound
mpgn edited this page May 5, 2020 · 1 revision
Using the module bh_owned from @Pixis, you can mark a pwned computer as owned in Bloodhound.
cme smb <ip> -u <user> -p <password> -M bh_owned -o PASS=<bloodhound_password>
cme smb 127.0.0.1 -M bh_owned --options
[*] bh_owned module options:
URI   URI for Neo4j database (default: 127.0.0.1)
PORT  Listeninfg port for Neo4j database (default: 7687)
USER  Username for Neo4j database (default: 'neo4j')
PASS  Password for Neo4j database (default: 'neo4j')
Note: When using the lsassy module to dump lsass remotely, you can send all credentials found by lsassy to Bloodhound. The integration is controlled by the BLOODHOUND option listed below (default: false).
cme smb 127.0.0.1 -M lsassy --options
[*] lsassy module options:
METHOD             Method to use to dump lsass.exe with lsassy. See lsassy -h for more details
REMOTE_LSASS_DUMP  Name of the remote lsass dump (default: Random)
PROCDUMP_PATH      Path to procdump on attacker host (Required for method 2)
DUMPERT_PATH       Path to procdump on attacker host (Required for method 5)
BLOODHOUND         Enable Bloodhound integration (default: false)
NEO4JURI           URI for Neo4j database (default: 127.0.0.1)
NEO4JPORT          Listeninfg port for Neo4j database (default: 7687)
NEO4JUSER          Username for Neo4j database (default: 'neo4j')
NEO4JPASS          Password for Neo4j database (default: 'neo4j')
WITHOUT_EDGES      List of black listed edges (example: 'SQLAdmin,CanRDP', default: '')