← Back to search

BloodHound Collection

ad enumwindowschecklist

Walkthrough

Collect full domain data with BloodHound to map attack paths. A good hit reveals shortest paths to Domain Admin via group memberships, ACLs, or sessions.

Commands

bash

netexec ldap <IP> -u <USER> -p '<PASS>' --bloodhound --collection All --dns-server <IP>