New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Credential parameter missing #113

Closed
ama21n opened this Issue Aug 10, 2017 · 6 comments

Comments

Projects
None yet
3 participants
@ama21n
Copy link

ama21n commented Aug 10, 2017

Is it possible to run bloodhound from a workstation / non-domain associated host, using enumerated domain credentials?

It appears Invoke-Bloodhound may be missing the -Credential parameter, which is available on other powersploit functions that perform a very similar task.

Alternatively, using BloodHound within a PS shell after running "runas /netonly /user:<username><powershell.exe_path>" doesn't work either. The following error is given:
"Current security context is not associated with an Active Directory domain or forest."

Powersploit's dev branch has a number of functions (eg Find-DomainUserLocation & Get-DomainComputer) that support comma separated values with the -Credential parameter, I would have thought this functionality would have ported over to BloodHound

Is there anything obvious I may not have tried or seen?

@rvazarkar

This comment has been minimized.

Copy link
Collaborator

rvazarkar commented Sep 5, 2017

The new ingestor supports RunAs properly. Should be released soon-ish

@rvazarkar

This comment has been minimized.

Copy link
Collaborator

rvazarkar commented Sep 25, 2017

https://github.com/BloodHoundAD/SharpHound/releases

RunAs should work with both the .ps1 and exe. Give it a try and let me know!

@rvazarkar rvazarkar closed this Sep 25, 2017

@raul5660

This comment has been minimized.

Copy link

raul5660 commented Oct 12, 2017

@rvazarkar i'm having an issue when trying to do the run as. I do the following:

runas /netonly /user:DOMAIN\USER powershell.exe
cd C:\Users\user\Desktop\BloodHound-master\BloodHound-master\Ingestors
Import-Module .\SharpHound.ps1

I then get the following:
bloodhoundissue

Its a bit of a concern that bloodhound would be storing/looking for data in system32. If you have any recommendations let me know.

@rvazarkar

This comment has been minimized.

Copy link
Collaborator

rvazarkar commented Oct 12, 2017

@raul5660 this is just a weird byproduct of the way PowerShell works with directories. For some reason it maintains the current working directory where you start PowerShell, and not the directory you CD into. I'll see if I can come up with a fix. The file being written is the cache file for BloodHound, nothing dangerous.

@rvazarkar rvazarkar reopened this Oct 12, 2017

@raul5660

This comment has been minimized.

Copy link

raul5660 commented Oct 12, 2017

@rvazarkar alright well if there's anything i can do to help let me know.

@rvazarkar

This comment has been minimized.

Copy link
Collaborator

rvazarkar commented Oct 12, 2017

Should be fixed in fb1afd0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment