Red Teaming Experiments
linkedingithub@spotheplanetpatreon
Search…
What is ired.team?
Pinned
Pentesting Cheatsheets
Active Directory & Kerberos Abuse
offensive security
Red Team Infrastructure
Initial Access
Code Execution
Code & Process Injection
Defense Evasion
Enumeration and Discovery
Privilege Escalation
Credential Access & Dumping
Lateral Movement
Persistence
Exfiltration
reversing, forensics & misc
Internals
Cloud
Neo4j
Dump Virtual Box Memory
AES Encryption Using Crypto++ .lib in Visual Studio C++
Reversing Password Checking Routine
Powered By GitBook
Neo4j
This is a living document that captures notes related to anything and all neo4j and cypher queries.

List Databases

1
show databases
Copied!

Create New Database

1
create database spotless
Copied!

Switch Database

1
:use spotless
Copied!

Import Data from CSV and Define Relationships Between Nodes

Sample Data

Below is a sample CSV file with 3 columns, that represents Windows authentication information between different endpoints (think lateral movement detection/investigation/threat hunting):
Column
Meaning
SourceComputer
A computer that successfully authenticated to a DestinationComputer
DestinationComputer
A computer that SourceComputer authenticated to
DestinationUserName
A user name that was used to logon from SourceComputer to DestinationComputer
lateral-movement.csv
1
"SourceComputer","DestinationComputer","DestinationUserName"
2
"WS01","WS02","administrator"
3
"WS01","WS03","administrator"
4
"WS02","WS03","administrator"
5
"WS03","WS04","administrator"
6
"WS04","WS05","administrator"
7
"WS05","WS06","administrator"
8
"WS06","WS07","administrator"
9
"WS07","DB01","administrator"
10
"DB01","FS05","administrator"
11
"FS05","DC01","da-james"
12
"WS01","WS04","billy"
13
"WS02","WS04","sally"
14
"WS03","WS02","fred"
15
"WS03","WS02","james"
16
"WS01","WS02","james"
Copied!
The file needs to be saved to the import folder of your database folder. In my case, the path is C:\Users\User\AppData\Local\Neo4j\Relate\Data\dbmss\dbms-8320b8a8-e54d-4742-a432-c8014b5968ec\import\lateral-movement.csv

Importing Nodes from CSV and Creating Relationships

1
LOAD CSV WITH HEADERS FROM 'file:///lateral-movement.csv' AS line
2
MERGE (a:Computer {Computer:line.SourceComputer} )
3
MERGE (b:Computer {Computer:line.DestinationComputer} )
4
MERGE (a) -[:LOGGED_IN {loggedAs:line.DestinationUserName}]-> (b)
Copied!

Clean Database

1
match (a) -[r] -> () delete a, r; match (a) delete a
Copied!

Match Nodes WHERE DestinationComputer Contains "WS"

1
MATCH p=()-[r:LOGGED_IN]->(m:Computer) where m.Computer CONTAINS "WS" RETURN p LIMIT 25
Copied!

Match Nodes WHERE Relationship Contains "james"

1
MATCH p=()-[r:LOGGED_IN]->() where (r.loggedAs contains "james") RETURN p LIMIT 25
Copied!

Match Nodes with 3 Hops Between Them

1
MATCH p=()-[r:LOGGED_IN*3]->() RETURN p LIMIT 25
Copied!
Previous
AWS Accounts, Users, Groups, Roles, Policies
Next - reversing, forensics & misc
Dump Virtual Box Memory
Last modified 9mo ago
Copy link
Contents
List Databases
Create New Database
Switch Database
Import Data from CSV and Define Relationships Between Nodes
Sample Data
Importing Nodes from CSV and Creating Relationships
Clean Database
Match Nodes WHERE DestinationComputer Contains "WS"
Match Nodes WHERE Relationship Contains "james"
Match Nodes with 3 Hops Between Them