# Weaponizing Windows Pt-1 Lets assume you have an IP address `10.129.208.61,` Domain `absolute.htb,` and Domain Controller `dc.absolute.htb.` \ You want to run SharpHound to collect data for Bloodhound. Twist is there is only kerberos authentication. We can use our Windows VM to do this easily. 1\) Setup the DNS. \ The DNS points to the `dc.absolute.htb`

2\) Set up Host File\ Path => `C:\Windows\System32\drivers\etc\hosts`\ Append the IP and host names.

3\) Create the Ticket\ Command => `.\Rubeus.exe asktgt /enctype:AES256 /user: /password: /domain:absolute.htb /dc:dc.absolute.htb /ptt`

4\) Run SharpHound\ Command => `. .\SharpHound.ps1; Invoke-BloodHound -Domain absolute.htb`\ After a while we do get the zip file! :tada: