mandiant / commando-vm

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com
https://www.mandiant.com/resources/blog/commando-vm-windows-offensive-distribution
Apache License 2.0
6.86k stars 1.28k forks

neo4j missing? #317

Closed xplt-artur closed 4 months ago

xplt-artur commented 9 months ago

So, this might not be a bug, but intended, but I can't seem to find neo4j anywhere, which is kinda a prerequisite for BloodHound afaik.

Is this even a bug, or a decision made somewhere along the line? Is there an alternative I can use that is included?

arty-hlr commented 8 months ago

I find this very weird. Also, when I try to install neo4j I get the following:

neo4j not installed. The package was not found with the source(s) listed.
 Source(s): 'C:\Users\commando-vm;https://www.myget.org/F/vm-packages/api/v2;https://myget.org/F/vm-packages/api/v2;https://community.chocolatey.org/api/v2/'
 NOTE: When you specify explicit sources, it overrides default sources.
If the package version is a prerelease and you didn't specify `--pre`,
 the package may not be found.
Please see https://docs.chocolatey.org/en-us/troubleshooting for more
 assistance.

Menn1s commented 6 months ago

Hi all, thanks for bringing this up! We may have overlooked adding Neo4j. We'll get that added asap so BloodHound is working again.

Looks like the dependency is for neo4jdesktop.

Menn1s commented 4 months ago

So I've taken a look at some of the requirements for Neo4j and also found that the latest BloodHound (https://github.com/SpecterOps/BloodHound) is a monolithic, containerized application.

As of now, it does not look like the neo4j-community package is supported anymore (hence we won't be adding it to Commando).

If you want to get BloodHound to work, you can

  1. perform a Chocolatey install for neo4j-community and start the neo4j service: `sc start neo4j`
  2. use the latest version of neo4j in Docker. Note that this will require WSL2 and mileage may vary in virtualized environments. Thus far I have NOT been able to get it to work in Parallels either in a WSL installation or with Docker Desktop using WSL2, but there is a chance VMware may support it.

We will be taking a look at other alternatives on our end to get BloodHound to work. For now it's a little unclear given how the environments are changing so I'll close this and put it on our to-do list to get BloodHound going.

As a final note, also consider running neo4j either locally or on a server so it's more persistent and accessible from multiple systems. BloodHound should also be able to connect to those.