@rboddy
Created June 19, 2020 19:52
Mass import owned users in BloodHound and find paths from owned users to privileged groups
{
"name": "Find Owned Users with a path to DA",
"queryList": [
{
"final": true,
"query": "MATCH (u:User {owned:true}) MATCH (g:Group) WHERE g.objectid ENDS WITH '-512' MATCH p = shortestPath( (u)-[*1..]->(g) ) RETURN p"
}
]
}
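// HTTP client used to talk to Neo4j. The `request` package has been deprecated
// upstream since 2020; it is kept here because the rest of the script is
// written against its callback API.
const r = require("request");

// Neo4j transactional HTTP endpoint (single-request commit). This is plain
// HTTP on loopback: the Basic credentials sent by cypher() travel unencrypted,
// so keep this pointed at localhost or switch to an HTTPS listener before
// aiming it at a remote database.
const txUrl = "http://localhost:7474/db/data/transaction/commit";

const lineReader = require('line-reader');

// Path of the input file, one account per line, taken from the first CLI argument.
const fileName = process.argv[2];
if (!fileName) {
  // Without this guard an undefined path is handed straight to line-reader
  // and the failure surfaces as an unrelated-looking error.
  console.error("Usage: node <script> <file-with-one-account-per-line>");
  process.exit(1);
}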
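/**
 * Completion callback for a single "mark as owned" request.
 *
 * @param {Error|null|undefined} err - Failure reported by cypher(), if any.
 * @param {string} data - Account name the request was issued for.
 */
const cb = function (err, data) {
  const account = data.toUpperCase();
  if (err) {
    // Previously the success line was printed even when the request failed,
    // which made a rejected or unreachable database look like a clean import.
    const reason = err && err.message ? err.message : String(err);
    console.error(`Failed to mark ${account} as owned: ${reason}`);
    return;
  }
  console.log(`${account} has been owned.`);
};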
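// Read the input file line by line and flag each account as owned.
lineReader.eachLine(fileName, function (line) {
  // Keep only the part before the first '@' and drop stray whitespace
  // (trailing spaces, a leftover '\r' from CRLF files).
  // NOTE(review): BloodHound user nodes are usually named USER@DOMAIN; with
  // the domain stripped here, the equality match in set_owned only hits nodes
  // whose name is the bare account. Confirm this fits the input format.
  const [account] = line.split('@');
  const user = account.trim();

  if (user === '') {
    // Blank lines used to trigger a pointless query for an empty name.
    // Returning undefined (not false) lets line-reader continue reading.
    return;
  }

  set_owned(user.toUpperCase());
});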
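/**
 * Run one Cypher statement against the Neo4j transactional endpoint.
 *
 * @param {string} query - Cypher statement text.
 * @param {Object} params - Statement parameters; `params.account` is echoed
 *   back to the callback so it can tell which account the result belongs to.
 * @param {function(Error|null, string)} cb - Called as cb(err, params.account).
 *   `err` is set for transport failures, non-2xx HTTP responses (for example
 *   a rejected login) and Cypher errors reported in the response body.
 */
function cypher(query, params, cb) {
  // The fallback is the credential the script has always hard-coded; it is
  // base64 of "neo4j:BloodHound". BLOODHOUND_NEO4J_AUTH ("user:password") is
  // an optional override introduced here so a changed database password does
  // not have to be written into this file.
  const override = process.env.BLOODHOUND_NEO4J_AUTH;
  const authorization = override
    ? `Basic ${Buffer.from(override).toString("base64")}`
    : "Basic bmVvNGo6Qmxvb2RIb3VuZA==";

  r.post(
    {
      uri: txUrl,
      headers: {
        "Authorization": authorization,
      },
      json: {
        statements: [
          {
            statement: query,
            parameters: params,
          },
        ],
      },
    },
    function (err, res, body) {
      if (err) {
        cb(err, params.account);
        return;
      }

      // A failed login or a wrong URL arrives as a normal response, not as
      // `err`, so the status code has to be checked explicitly.
      if (res.statusCode < 200 || res.statusCode >= 300) {
        cb(new Error(`Neo4j returned HTTP ${res.statusCode}`), params.account);
        return;
      }

      // The transactional endpoint reports statement failures in an `errors`
      // array inside an otherwise successful response.
      const cypherErrors = body && Array.isArray(body.errors) ? body.errors : [];
      if (cypherErrors.length > 0) {
        const first = cypherErrors[0];
        cb(new Error(`${first.code}: ${first.message}`), params.account);
        return;
      }

      cb(null, params.account);
    }
  );
}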
/**
 * Flag every node whose `name` equals the given account as owned.
 *
 * The account is sent as a statement parameter instead of being spliced into
 * the query text, so the contents of the input file cannot change the Cypher
 * that is executed.
 *
 * The MATCH carries no label, so any node type with that name is flagged, not
 * only users. A name that matches nothing is not an error: the statement
 * succeeds without changing anything.
 *
 * @param {string} username - Account name to match against `n.name`.
 */
function set_owned(username) {
  // NOTE(review): `{account}` is the older Cypher parameter form; newer Neo4j
  // releases expect `$account`. Confirm against the server version in use.
  const statement = "MATCH (n) WHERE (n.name = {account}) SET n.owned = true";
  cypher(statement, { account: username }, cb);
}