Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2024-11-22 02:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update Handy-BloodHound-Cypher-Queries.md

Browse Source
This commit is contained in:
Mariusz B 2020-03-29 19:32:28 +02:00 committed by GitHub
parent 30d58885cc
commit 49e8c1127f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
red-teaming/Handy-BloodHound-Cypher-Queries.md
View File

@ -37,6 +37,11 @@ MATCH (u:User {hasspn: True}) WHERE NOT u.name starts with 'KRBTGT' RETURN u
MATCH (A:User),(B:Group),p=shortestPath((A)-[*1..]->(B)) WHERE A.hasspn=true AND B.name STARTS WITH 'DOMAIN ADMINS' RETURN p MATCH (A:User),(B:Group),p=shortestPath((A)-[*1..]->(B)) WHERE A.hasspn=true AND B.name STARTS WITH 'DOMAIN ADMINS' RETURN p
``` ```
- Finds owned objects that can control other computers:
```
MATCH (m {owned: True}), (n), p=(m)-[:CanPSRemote|ExecuteDCOM|CanRDP|SQLAdmin|AdminTo]->(n) RETURN p
```
- Return users that have PASSWORD_NOT_REQUIRED flag set in their UserAccountControl field (thus they have an empty password set) and are enabled - Return users that have PASSWORD_NOT_REQUIRED flag set in their UserAccountControl field (thus they have an empty password set) and are enabled
``` ```
MATCH (n:User {enabled: True, passwordnotreqd: True}) RETURN n MATCH (n:User {enabled: True, passwordnotreqd: True}) RETURN n