Handy BloodHound Cypher Queries updated.
parent
36864d57cf
commit
b44a6888f8
|
@ -311,21 +311,9 @@ MATCH (o:OU)-[:Contains]->(c) RETURN o.name,o.guid, COUNT(c) ORDER BY COUNT(c) D
|
||||||
### Other
|
### Other
|
||||||
|
|
||||||
|
|
||||||
- Retrieves nodes having particular juicy keywords in their description properties:
|
- Retrieves nodes having particular juicy keywords in their name or description properties:
|
||||||
```
|
```
|
||||||
MATCH (n) WHERE n.description CONTAINS 'pass' RETURN n.name, n.description UNION
|
UNWIND ["admin", "amministratore", "contrase", "empfidlich", "geheim", "hasło", "important", "azure", "MSOL", "Kennwort", "parol", "parola", "pass", "passe", "secret", "secreto", "segreto", "sekret", "sensibil", "sensibile", "sensible", "sensitive", "wrażliw"] AS word MATCH (n) WHERE (toLower(n.name) CONTAINS toLower(word)) OR (toLower(n.description) CONTAINS toLower(word)) RETURN word, n.name, n.description ORDER BY n.name
|
||||||
MATCH (n) WHERE n.description CONTAINS 'secret' RETURN n.name, n.description UNION
|
|
||||||
MATCH (n) WHERE n.description CONTAINS 'admin' RETURN n.name, n.description UNION
|
|
||||||
MATCH (n) WHERE n.description CONTAINS 'sensitive' RETURN n.name, n.description
|
|
||||||
```
|
|
||||||
|
|
||||||
- Show only owned nodes of the above ones:
|
|
||||||
```
|
|
||||||
MATCH (n) WHERE n.description CONTAINS 'pass' and n.owned = TRUE RETURN n.name, n.description UNION
|
|
||||||
MATCH (n) WHERE n.description CONTAINS 'secret' and n.owned = TRUE RETURN n.name, n.description UNION
|
|
||||||
MATCH (n) WHERE n.description CONTAINS 'admin' and n.owned = TRUE RETURN n.name, n.description UNION
|
|
||||||
MATCH (n) WHERE n.description CONTAINS 'sensitive' and n.owned = TRUE RETURN n.name, n.description UNION
|
|
||||||
MATCH (n) WHERE n.description CONTAINS '\\' and n.owned = TRUE RETURN n.name, n.description
|
|
||||||
```
|
```
|
||||||
|
|
||||||
- Retrieves nodes that contain UNC paths to SMB shares in their description fields:
|
- Retrieves nodes that contain UNC paths to SMB shares in their description fields:
|
||||||
|
|
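Review bot: The keyword `"empfidlich"` in the new `UNWIND` list looks like a misspelling of `"empfindlich"`, so that entry can never match a German-language name or description. Several entries are substrings of others (`"pass"`/`"passe"`, `"parol"`/`"parola"`, `"secret"`/`"secreto"`, `"sensibil"`/`"sensibile"`), and because `word` is part of the `RETURN`, the same node is listed once per matching keyword; ending the query with `RETURN n.name, n.description, collect(word) AS matched ORDER BY n.name` would give one row per node. `toLower(word)` is only needed for `"MSOL"`, so writing that entry in lowercase lets the call be dropped. The owned-only variant is removed without a replacement, and the text above the query does not say so; if that view is still wanted, a sentence noting that `AND n.owned = TRUE` can be appended to the parenthesised `WHERE` would keep it documented.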