Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2024-11-22 02:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Updated Handy-BloodHound-Cypher-Queries

Browse Source
This commit is contained in:
Mariusz B. / mgeeky 2022-09-24 23:58:37 +02:00
parent 55f268bcac
commit b22d7a5c79
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md
View File

@ -370,6 +370,12 @@ MATCH (u1:Computer)-[:AdminTo]->(c1:Computer {signing: false}) RETURN u1.name, c
MATCH (u2)-[:MemberOf*1..]->(g:Group)-[:AdminTo]->(c2 {signing: false}) RETURN u2.name, c2.name MATCH (u2)-[:MemberOf*1..]->(g:Group)-[:AdminTo]->(c2 {signing: false}) RETURN u2.name, c2.name
``` ```
- PrivExchange audit: Finds computers that are members of "Exchange Trusted Subsystem" group, which has admin rights over all its members. This way, we could execute authentication coercion attack against one exchange server and relay it to another, thus obtaining SYSTEM over that another Exchange server:
```
MATCH p=(c:Computer)-[r1:MemberOf*1..]->(g:Group)-[r2:AdminTo]->(n:Computer) RETURN p
```
### GPOs ### GPOs
- Print GPO names and their container paths: - Print GPO names and their container paths: