Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2025-11-04 13:05:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Updated Handy-BloodHound-Cypher-Queries

Browse Source
This commit is contained in:
Mariusz B. / mgeeky
2022-09-24 22:48:09 +02:00
parent d76cd83284
commit 543a85a139
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md
View File

@@ -424,9 +424,14 @@ MATCH p=(m:Group)-[r:Owns|WriteDacl|GenericAll|WriteOwner|ExecuteDCOM|GenericWri
- Mark nodes as Owned:
```
MATCH (u) WHERE toLower(u.name) = "user1@contoso.com" SET u.owned RETURN 1 UNION
MATCH (u) WHERE toLower(u.name) = "group2@contoso.com" SET u.owned RETURN 1 UNION
MATCH (u) WHERE toLower(u.name) = "computer3@contoso.com" SET u.owned RETURN 1
MATCH (u) WHERE toLower(u.name) = "user1@contoso.com" SET u.owned=True RETURN 1 UNION
MATCH (u) WHERE toLower(u.name) = "group2@contoso.com" SET u.owned=True RETURN 1 UNION
MATCH (u) WHERE toLower(u.name) = "computer3@contoso.com" SET u.owned=True RETURN 1
```
- Mark users with non-empty UserPassword field as Owned:
```
MATCH (u:User) WHERE u.userpassword =~ ".+" SET u.owned=True
```
- Mark High Value all members of High Value groups: