Added Handy-BloodHound-Cypher-Queries.md

mgeeky 2020-03-10 23:30:42 +01:00
parent 016fe017ac
commit 218bb0fb7d
1 changed files with 2 additions and 2 deletions

@ -100,7 +100,7 @@ MATCH (n) WHERE n.description CONTAINS '\\\\' RETURN n.name, n.description
RETURN shortestPath((O:{owned:True})-[*1..]->(H {highvalue: True})) RETURN shortestPath((O:{owned:True})-[*1..]->(H {highvalue: True}))
``` ```
- Riccardo Ancarani's cypher queries (src: [GPOPowerParser](https://github.com/RiccardoAncarani/GPOPowerParser)) useful for any lateral movement insights: - [Riccardo Ancarani's](https://github.com/RiccardoAncarani) cypher queries (src: [GPOPowerParser](https://github.com/RiccardoAncarani/GPOPowerParser)) useful for any lateral movement insights:
- Find all the NTLM relay opportunities for computer accounts: - Find all the NTLM relay opportunities for computer accounts:
``` ```
MATCH (u1:Computer)-[:AdminTo]->(c1:Computer {signing: false}) RETURN u1.name, c1.name MATCH (u1:Computer)-[:AdminTo]->(c1:Computer {signing: false}) RETURN u1.name, c1.name
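Review bot: in the context line just above the changed bullet, `(O:{owned:True})` has a colon with no label after it, which Cypher rejects as a syntax error. Since this hunk already touches the neighbouring line, change it to `(O {owned:True})`, matching the `(H {highvalue: True})` node written on the same line. The unbounded `[*1..]` in that `shortestPath` is also worth giving an upper bound so the query stays usable on large graphs.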
@ -112,4 +112,4 @@ MATCH (u2)-[:MemberOf*1..]->(g:Group)-[:AdminTo]->(c2 {signing: false}) RETURN u
MATCH (u:User)-[:CanRDP]->(c:Computer) WITH u,c MATCH (u:User)-[:CanRDP]->(c:Computer) WITH u,c
OPTIONAL MATCH (u)-[:MemberOf*1..]->(g:Group)-[:CanRDP]->(c) WITH u,c OPTIONAL MATCH (u)-[:MemberOf*1..]->(g:Group)-[:CanRDP]->(c) WITH u,c
MATCH (u)-[:CanPrivesc]->(c) RETURN u.name, c.name MATCH (u)-[:CanPrivesc]->(c) RETURN u.name, c.name
``` ```
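Review bot: the `OPTIONAL MATCH (u)-[:MemberOf*1..]->(g:Group)-[:CanRDP]->(c) WITH u,c` line does not change which pairs are returned. The first `MATCH` already requires a direct `CanRDP` edge from `u` to `c`, and `g` is dropped by the following `WITH u,c`, so users who hold RDP rights only through a group are never returned. If group-derived rights are meant to count, fold both cases into one pattern such as `(u:User)-[:MemberOf*0..]->()-[:CanRDP]->(c:Computer)`. It would also help to state next to the query that the `CanPrivesc` relationship must already be present in the graph, since the final `MATCH` returns nothing without it.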