This is part 2 of the series on Bloodhound. For setting up the database and the tool refer to Part 1.
BloodHound data is done using the BloodHound.ps1 file located at:
https://github.com/adaptivethreat/BloodHound/tree/master/PowerShell
Clone the file and upload it to a host you have foothold.
From either CMD or PS shell cd to a folder you have write access and follow these steps:
- Upload the BloodHound.ps1 file
- powershell.exe –Exec Bypass
- Import Module BloodHound.ps1
- Get-BloodHoundData | Export-BloodHoundCSV
- Export the .csv files locally
*There is an API for sending the data directly from Cobalt Strike to BloodHound but it is not described in this post.
The above command will create 4 .csv files which can later be imported into BloodHound
- group_memberships.csv
- local_admins.csv
- trusts.csv
- user_sessions.csv
Use the upload data functionality to import the 4 .csv files created before.
In Part 3 of the series we will look into working with the database and results.