If you’re having problems with your SharpHound output uploading to BloodHound, you may be victim of an old version/new version incompatibility.
“File created from incompatible collector” and “NaN%” are super frustrating, particularly because you’ll only come across this roadblock when you’re in the throes of an engagement. In my case, I encountered this in both my 3rd OSCP attempt and in the TryHackMe room, “Post-Exploitation Basics.”
SharpHound.exe to collect your domain information, not
ACHTUNG!: I don’t think this will solve every instance of “incompatible collector,” but it worked for me today in my TryHackMe use-case. If this doesn’t work for you, look into the following options:
- Removing the Kali repo install of BloodHound and cloning from the project
- Downgrading your install of BloodHound back to when
SharpHound.ps1worked — try 3.0
- The use of
bloodhound.pyinstead of SharpHound to collect domain information
In the case of the TryHackMe room’s AttackBox, which is usually the route I go when I’m having trouble with my own Kali VM, the problem was that the SharpHound deployment on the environment’s Windows Server was only equipped with
SharpHound.ps1 while the Ubuntu AttackBox had BloodHound 4.1.0 and my Kali VM used 4.2.0.
According to one of the project maintainers, rvazarkar, the “newest versions” of BloodHound do not make use of SharpHound.ps1. At the time of writing, the latest version BloodHound is 4.2.0, released this past August. The comment by rvazarkar was made on April 15th when 4.1.0 was the current release, making it the newest version at the time.
There was no one-line answer available on the first page of Google that I could see, hence the reason for this post. However, reading this GitHub issue on the project page led me to believe there was probably a version mismatch between the SharpHound pre-staged on the Windows Server and the BloodHound installed on the AttackBox and my Kali VM.