While i was trying to explicitly specify the ip of the domain controller with the following command (SharpHound.ps1), i was thinking that the root dse will be directly requested to the ldap service on this DC ip:
Invoke-BloodHound -DomainController 10.10.10.10
Initializing BloodHound at 23:58 on 01/08/2019
Unable to contact domain. Try from a domain context!
Unfortunately, i captured the traffic and i still found the type SRV DNS requests used to discover the DC (_ldap._tcp.dc._msdcs). The fact is that my ip is never contacted. For example during an engagement how are you doing if you are doing a port redirection on a pivot machine ?
On wireshark no ip dest 10.10.10.10 appears (10.10.10.10 is up, etc ...).
I'm working on a Microsoft Windows 10 Pro machine with the master branch of BloodHound.
Hello guys,
While i was trying to explicitly specify the ip of the domain controller with the following command (SharpHound.ps1), i was thinking that the root dse will be directly requested to the ldap service on this DC ip:
Unfortunately, i captured the traffic and i still found the type SRV DNS requests used to discover the DC (_ldap._tcp.dc._msdcs). The fact is that my ip is never contacted. For example during an engagement how are you doing if you are doing a port redirection on a pivot machine ?
On wireshark no ip dest 10.10.10.10 appears (10.10.10.10 is up, etc ...).
I'm working on a Microsoft Windows 10 Pro machine with the master branch of BloodHound.
Thanks in advance,