autobloody is a tool developed to automate Active Directory privilege escalation paths identified by BloodHound. It simplifies the process of exploiting privilege escalation paths that have been identified within the BloodHound database between two AD objects: the source (owned) and the target (desired). If a privilege escalation path exists in the BloodHound database, autobloody can automate the exploitation process, making it a powerful resource for security professionals and red teamers.
Installation
Install Dependencies:
On Linux, install libkrb5-dev (the Kerberos development headers; the package name differs between distributions):
- Debian/Ubuntu/Kali
- CentOS/RHEL
- Fedora
- Arch Linux
Install autobloody:
- Using pip, or
- By cloning the repository.
Dependencies
· bloodyAD
· Neo4j python driver
· Neo4j with the GDS library
· BloodHound
· Python 3
· Gssapi (Linux) or Winkerberos (Windows)
How to Use
Import Data into BloodHound:
- Use SharpHound or BloodHound.py to import data into BloodHound.
- Ensure Neo4j is running.
Run autobloody:
Example:
How It Works
Finding Privesc Path:
- Uses Dijkstra's algorithm in Neo4j's GDS library to find the optimal privilege escalation path based on BloodHound data.
Path Execution:
- Connects to the DC and executes the path found using the bloodyAD package.
- Supports authentication using cleartext passwords, pass-the-hash, pass-the-ticket, or certificates.
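The path-finding step described above, as an added illustration (this is not autobloody's code and does not use Neo4j or GDS): Dijkstra over a constructed, hypothetical set of BloodHound-style edges, with per-edge costs chosen here as an assumption to make the "optimal" path concrete. The second function takes the defender's view and lists the ACL edges whose removal breaks the path.

```python
import heapq
from collections import defaultdict

# Assumed edge costs (not autobloody's real weighting): structural edges are free,
# noisy or disruptive edges such as ForceChangePassword are penalised.
EDGE_COST = {
    "MemberOf": 0, "Contains": 0, "GenericAll": 1, "GenericWrite": 1, "Owns": 1,
    "WriteDacl": 2, "WriteOwner": 2, "AddMembers": 1, "AddSelf": 1, "DCSync": 1,
    "AllExtendedRights": 1, "GetChanges/GetChangesAll": 1, "ForceChangePassword": 5,
}

# Constructed sample graph: (source, target, BloodHound edge type). Hypothetical objects.
SAMPLE_EDGES = [
    ("alice@corp.local", "HELPDESK@corp.local", "MemberOf"),
    ("HELPDESK@corp.local", "bob@corp.local", "ForceChangePassword"),
    ("HELPDESK@corp.local", "IT-ADMINS@corp.local", "AddSelf"),
    ("IT-ADMINS@corp.local", "CORP.LOCAL", "DCSync"),
    ("bob@corp.local", "DOMAIN ADMINS@corp.local", "MemberOf"),
    ("DOMAIN ADMINS@corp.local", "CORP.LOCAL", "GenericAll"),
]

def shortest_privesc_path(edges, source, target):
    """Dijkstra from source to target; returns [(src, dst, edge), ...] or None."""
    graph = defaultdict(list)
    for src, dst, kind in edges:
        graph[src].append((dst, kind, EDGE_COST[kind]))
    dist, prev, heap = {source: 0}, {}, [(0, source)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node == target:
            break
        if cost > dist[node]:          # stale heap entry
            continue
        for dst, kind, weight in graph[node]:
            if cost + weight < dist.get(dst, float("inf")):
                dist[dst] = cost + weight
                prev[dst] = (node, kind)
                heapq.heappush(heap, (cost + weight, dst))
    if target != source and target not in prev:
        return None                    # no path: nothing to exploit, nothing to fix
    path, node = [], target
    while node != source:              # walk predecessors back to the source
        src, kind = prev[node]
        path.append((src, node, kind))
        node = src
    return path[::-1]

def remediation_edges(path):
    """ACL edges on the path a defender can remove; MemberOf/Contains are structural."""
    return [(s, d, k) for s, d, k in path if k not in ("MemberOf", "Contains")]
```

With the sample graph, the cheap AddSelf -> DCSync route wins over the ForceChangePassword route, so those two edges are the ones to remediate.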
Limitations
Currently supports specific BloodHound edges for automatic exploitation, including MemberOf, ForceChangePassword, AddMembers, AddSelf, DCSync, GetChanges/GetChangesAll, GenericAll, WriteDacl, GenericWrite, WriteOwner, Owns, Contains, AllExtendedRights.