mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-11-25 12:01:37 +01:00
Update Handy-BloodHound-Cypher-Queries.md
This commit is contained in:
parent
30d58885cc
commit
49e8c1127f
@ -37,6 +37,11 @@ MATCH (u:User {hasspn: True}) WHERE NOT u.name starts with 'KRBTGT' RETURN u
|
|||||||
MATCH (A:User),(B:Group),p=shortestPath((A)-[*1..]->(B)) WHERE A.hasspn=true AND B.name STARTS WITH 'DOMAIN ADMINS' RETURN p
|
MATCH (A:User),(B:Group),p=shortestPath((A)-[*1..]->(B)) WHERE A.hasspn=true AND B.name STARTS WITH 'DOMAIN ADMINS' RETURN p
|
||||||
```
|
```
|
||||||
|
|
||||||
|
- Finds owned objects that can control other computers:
|
||||||
|
```
|
||||||
|
MATCH (m {owned: True}), (n), p=(m)-[:CanPSRemote|ExecuteDCOM|CanRDP|SQLAdmin|AdminTo]->(n) RETURN p
|
||||||
|
```
|
||||||
|
|
||||||
- Return users that have PASSWORD_NOT_REQUIRED flag set in their UserAccountControl field (thus they have an empty password set) and are enabled
|
- Return users that have PASSWORD_NOT_REQUIRED flag set in their UserAccountControl field (thus they have an empty password set) and are enabled
|
||||||
```
|
```
|
||||||
MATCH (n:User {enabled: True, passwordnotreqd: True}) RETURN n
|
MATCH (n:User {enabled: True, passwordnotreqd: True}) RETURN n
|
||||||
|
Loading…
Reference in New Issue
Block a user