tom@REEL C:\Users\tom\Desktop\AD Audit>dir
Volume in drive C has no label.
Volume Serial Number is CEBA-B613
Directory of C:\Users\tom\Desktop\AD Audit
05/29/2018 08:02 PM <DIR> .
05/29/2018 08:02 PM <DIR> ..
05/29/2018 11:44 PM <DIR> BloodHound
05/29/2018 08:02 PM 182 note.txt
1 File(s) 182 bytes
3 Dir(s) 4,969,594,880 bytes free
tom@REEL C:\Users\tom\Desktop\AD Audit>type note.txt
Findings:
Surprisingly no AD attack paths from user to Domain Admin (using default shortest path query).
Maybe we should re-run Cypher query against other groups we've created.
tom@REEL C:\Users\tom\Desktop\AD Audit>
We already have bloodhound binaries present/downloaded by the tom user.
PS C:\Users\tom\Desktop\AD Audit\BloodHound\Ingestors> .\SharpHound.exe -c all Program 'SharpHound.exe' failed to run: This program is blocked by group policy. For more information,
contact your system administratorAt line:1 char:1 + .\SharpHound.exe -c all
+ ~~~~~~~~~~~~~~~~~~~~~~~. At line:1 char:1
Not able to use them
PS C:\Users\tom\Desktop\AD Audit\BloodHound\Ingestors> dir
Directory: C:\Users\tom\Desktop\AD Audit\BloodHound\Ingestors
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 11/16/2017 11:50 PM 112225 acls.csv
-a--- 10/28/2017 9:50 PM 3549 BloodHound.bin
-a--- 10/24/2017 4:27 PM 246489 BloodHound_Old.ps1
-a--- 10/24/2017 4:27 PM 568832 SharpHound.exe
-a--- 10/24/2017 4:27 PM 636959 SharpHound.ps1
We have a csv file, but the problem is that in modern bloodhound we cant' upload .csv file and also i was not able to run sharphound. well we ll read acls.csv file by ourselves.