Enumerate things with bloodhound, refer to bloodhound edges for abuses, and utilize powerview/sharpsploit to do so

Bloodhound

Spin up neo4j and bloodhound

#As root
neo4j console
wget <https://github.com/BloodHoundAD/BloodHound/releases/download/4.2.0/BloodHound-linux-x64.zip>
unzip BloodHound-linux-x64.zip
BloodHound-linux-x64/Bloodhound/Bloodhound -no-sandbox

Run the ingestor from the compromised host

• SharpHound.exe -c all
  • execute-assembly or inline-assembly
• Invoke-BloodHound -ZipFileName 'PATH/TO/ZIP.zip' -JsonFolder 'PATH/TO/folderas above' -CollectionMethod All -Domain FQDN
  • powershell-import ⇒ powerpick or powershell

Or from kali

pip install bloodhound
bloodhound-python -u 'user' -p 'pass' -ns dc_ip -d htb.local -c all

Interpret the result; find the edge, requirements, and the powerview commands associated.

Edges - BloodHound 4.2.0 documentation

Powerview

• Import into your shell by . .\\PowerView.ps1
• Or in the beacon by powershell-import

Refer to this when attempting to abuse edges

About - PowerSploit