Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2025-11-04 04:55:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

cypher

Browse Source
This commit is contained in:
Mariusz B. / mgeeky
2022-04-19 11:20:04 +02:00
parent 3c8f62f7ab
commit c895629c91
4 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md
View File

@@ -131,6 +131,13 @@ RETURN name, description, days_since_pwdlastset, pwdlastset
ORDER BY days_since_pwdlastset DESC
```
- Pulls kerberoastable Users belonging to critical groups such as Domain Admins, Schema Admins, Domain Controllers, Enterprise Admins:
```
MATCH (u:User {hasspn: True})-[r:MemberOf*1..]->(n:Group)
WHERE (n.objectid =~ "(?i)S-1-5-.*-512") OR (n.objectid =~ "(?i)S-1-5-.*-516") OR (n.objectid =~ "(?i)S-1-5-.*-518") OR (n.objectid =~ "(?i)S-1-5-.*-519") OR (n.objectid =~ "(?i)S-1-5-.*-520") OR (n.objectid =~ "(?i)S-1-5-.*-544") OR (n.objectid =~ "(?i)S-1-5-.*-548") OR (n.objectid =~ "(?i)S-1-5-.*-549") OR (n.objectid =~ "(?i)S-1-5-.*-551")
RETURN u.name AS UserName, n.name AS GroupName, u.displayname As DisplayName, u.description As Descrition
```
- Pulls users eligible for ASREP roasting
```
MATCH (u:User {dontreqpreauth: true}) RETURN u.name, u.displayname, u.description, u.objectid