2025-03-13 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article introduces how to use Cypheroth to run automated Cypher queries. The sections below cover the tool's dependencies, its options, the queries it ships with, and how to add your own.
Cypheroth introduction
Cypheroth is an automated, extensible tool set that lets researchers run Cypher queries against the Neo4j back end of Bloodhound and store the output in spreadsheets.
Cypheroth is a Bash script that automatically runs Cypher queries on Bloodhound data stored in a Neo4j database.
The list of Cypher queries to run is fully extensible, and a later section of this article shows how to add your own queries.
The current version of Cypheroth has been fully tested and works on Linux, macOS, and Windows.
Dependencies
The cypher-shell command is bundled with Neo4j and is required by Cypheroth. If you have installed Neo4j but cannot find the cypher-shell command, you may need to update Neo4j.
If the ssconvert command is available, the script will consolidate all .csv output into one .xls file.
On Windows, we recommend running the script under WSL; the only thing that needs to be installed in WSL is the cypher-shell package.
Tool use
Available parameter options:
  -u  Neo4J username (required)
  -p  Neo4J password (required)
  -d  Fully qualified domain name (required) (case sensitive)
  -a  Local address (optional) (default: localhost:7687)
  -t  Query timeout (optional) (default: 30s)
  -v  Verbose mode (optional) (default: FALSE)
  -h  Display help information and usage samples (optional)
Run with the default configuration:
  ./cypheroth.sh -u neo4j -p BloodHound -d TESTLAB.LOCAL
Sample run with all options:
  ./cypheroth.sh -u neo4j -p hunter2 -d BigTech.corp -a 10.0.0.1:7687 -t 5m -v true
Output files are added to a subdirectory named after the FQDN.
Cypher queries
The script currently supports 60 queries. The following is a sample of the data that users can receive:
  Complete list of user attributes
  Complete list of computer attributes
  Complete list of domain attributes
  Complete list of OU attributes
  Complete list of GPO attributes
  Complete list of group attributes
  Computers with administrator privileges
  Computers without administrator privileges
  Kerberoastable users and computers with administrator privileges
To add a query, edit the queries array in cypheroth.sh and add an entry in the following format:
  Description;Cypher Query;Output File
If the added query needs the domain name, write it in the query as $DOMAIN.
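An entry in this format can be checked before it is added to the array. The following Bash sketch is an added example, not code from cypheroth.sh: the helper names split_entry and lint_entry, the return codes, the .csv file-name rule and the choice to split on the first and last semicolon are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: lint "Description;Cypher Query;Output File" entries before
# pasting them into the queries array. All names here are hypothetical.

# split_entry ENTRY -> sets DESC, QUERY, OUTFILE; returns non-zero if malformed.
# DESC ends at the first ';' and OUTFILE starts after the last ';', so a ';'
# inside the Cypher text is tolerated (a choice made by this example).
split_entry() {
  local entry=$1 rest
  DESC='' QUERY='' OUTFILE=''
  [[ $entry == *';'*';'* ]] || return 1   # need at least two separators
  DESC=${entry%%;*}
  rest=${entry#*;}
  OUTFILE=${rest##*;}
  QUERY=${rest%;*}
  [[ -n $DESC && -n $QUERY && -n $OUTFILE ]]
}

# lint_entry ENTRY DOMAIN -> prints the query with $DOMAIN expanded.
# Returns 0 = ok, 1 = bad field count, 2 = bad output file, 3 = no RETURN.
lint_entry() {
  local domain=$2 token='$DOMAIN' rc=0
  local re_file='^[A-Za-z0-9_.-]+\.csv$'          # plain file name, no path
  local re_ret='(^|[[:space:]])RETURN[[:space:]]'
  split_entry "$1" || return 1
  [[ $OUTFILE =~ $re_file ]] || return 2
  shopt -s nocasematch                            # Cypher keywords ignore case
  [[ $QUERY =~ $re_ret ]] || rc=3
  shopt -u nocasematch
  (( rc == 0 )) || return "$rc"
  printf '%s\n' "${QUERY//$token/$domain}"
}

# Constructed samples: the page's two example entries, then two malformed ones.
SAMPLES=(
  "All Usernames;MATCH (u:User) RETURN u.name;usernames.csv"
  "All Domain Admins;MATCH (u:User) MATCH (g:Group {name:'DOMAIN ADMINS@\$DOMAIN'}) RETURN u.displayname;domainAdmins.csv"
  "Missing separator;MATCH (u:User) RETURN u.name usernames.csv"
  "Path escape;MATCH (c:Computer) RETURN c.name;../computers.csv"
)
for e in "${SAMPLES[@]}"; do
  rc=0; q=$(lint_entry "$e" TESTLAB.LOCAL) || rc=$?
  if (( rc == 0 )); then echo "ok: $q"; else echo "rejected ($rc): ${e%%;*}"; fi
done
```

Rejecting output names that contain a path keeps every result file inside the per-domain output subdirectory.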
Example 1:
  All Usernames;MATCH (u:User) RETURN u.name;usernames.csv
Example 2:
  All Domain Admins;MATCH (u:User) MATCH (g:Group {name:'DOMAIN ADMINS@$DOMAIN'}) RETURN u.displayname;domainAdmins.csv
Analysis of multiple domain names
If you need to analyze multiple domain names, you can run multiple Cypheroth instances at the same time and analyze multiple domain names separately. You can run 10 instances at the same time using scripts in the following format:
  #!/usr/bin/env bash
  DOMAINS=(domA.example.net domB.example.net [...])
  parallel -j10 --lb ./cypheroth.sh -d {} ::: "${DOMAINS[@]}"
Troubleshooting
If you are not running the latest version of Cypheroth, you may encounter the following error message:
  DateTime is not supported as a return type in Bolt protocol version 1. Please make sure driver supports at least protocol version 2. Driver upgrade is most likely required.
To resolve this, update Neo4j to the latest version.
Tool demonstration
Demo address: https://github.com/seajaysec/cypheroth/blob/master/img/demo_v1_4.svg
Project address
Cypheroth: https://github.com/seajaysec/cypheroth