Hack-notes
  • Whoami
  • MalDev
    • Reflective loader
  • Academy HackTheBox
    • Attacking Common Applications
      • Attacking Common Applications - Skills Assessment I
      • Attacking Common Applications - Skills Assessment II
      • Attacking Common Applications - Skills Assessment III
    • Attacking Common Services
      • Attacking Common Services - Easy
      • Attacking Common Services - Medium
      • Attacking Common Services - Hard
    • AD Enumeration & Attacks - Skills Assessment Part I
    • AD Enumeration & Attacks - Skills Assessment Part II
  • HackTheBox-writeups
    • Machines
      • Windows
        • Jab
      • Linux
        • ICLEAN
  • CheatSheet
    • AD
      • linux
      • Windows
      • Bloodhound cypher query
      • Powerview
    • Privilege Escalation
      • Linux
      • Windows
    • Payloads (Reverse shell)
    • Post-Exploitation
      • Windows
    • CLM and Applocker Bypass
  • Your Path to the OSCP+
  • Pwning OSEP with `secrets.txt` on my first attempt
Powered by GitBook
On this page

Was this helpful?

  1. CheatSheet
  2. AD

Bloodhound cypher query

user logging session

MATCH c=(C:Computer)-[r2:HasSession*1]-(U:User)  WHERE U.name =~ ".*" return c

list all computers

MATCH (m:Computer) RETURN m

list all users

MATCH (u:User) RETURN u

list all groups

MATCH (g) RETURN g LIMIT 10

list all gpo

MATCH (g:GPO) RETURN g LIMIT 20

Unconstraint delegation

MATCH (c {unconstraineddelegation:true}) return c

Constrain delegation

MATCH p=(u)-[:AllowedToDelegate]->(c) RETURN p

rbcd

MATCH q=(u)-[:GenericWrite|GenericAll|WriteDacl|  
WriteOwner|Owns|WriteAccountRestrictions|AllowedToAct]->(:Computer) WHERE NOT  
u.objectid ENDS WITH "-512" AND NOT  
u.objectid ENDS WITH "-519" AND NOT  
u.objectid ENDS WITH "-544" AND NOT  
u.objectid ENDS WITH "-548" RETURN q
PreviousWindowsNextPowerview

Last updated 21 days ago

Was this helpful?