Weaponizing Windows Pt-1
Let's assume you have an IP address 10.129.208.61,
the domain absolute.htb,
and the domain controller dc.absolute.htb.
You want to run SharpHound to collect data for BloodHound. The twist is that only Kerberos authentication is available. We can use our Windows VM to do this easily.
1) Set up the DNS.
The DNS points to dc.absolute.htb.
2) Set up the hosts file
Path => C:\Windows\System32\drivers\etc\hosts
Append the IP and host names.
3) Create the Ticket
Command => .\Rubeus.exe asktgt /enctype:AES256 /user:<username> /password:<password> /domain:absolute.htb /dc:dc.absolute.htb /ptt
4) Run SharpHound
Command => . .\SharpHound.ps1; Invoke-BloodHound -Domain absolute.htb
After a while we do get the zip file! 🎉
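From the defending side, the ticket request in step 3 is logged on the domain controller as Security event 4768, and because it asks for AES256 (encryption type 0x12), which current Windows clients also request by default, the source address is a more useful signal than the encryption type. The sketch below is an added example, not part of the original post: it flags successful TGT requests from addresses outside an assumed inventory of domain-joined subnets, and the inventory, users and events are all constructed.

```python
import ipaddress

# Assumption: subnets where domain-joined machines live (constructed inventory).
KNOWN_SUBNETS = [ipaddress.ip_network("10.0.5.0/24")]

# Constructed sample: Security event 4768 (TGT requested), reduced to the
# EventData fields used below. Users and addresses are made up.
SAMPLE_EVENTS = [
    {"EventID": 4768, "TargetUserName": "alice", "IpAddress": "::ffff:10.0.5.20",
     "TicketEncryptionType": "0x12", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "DC01$", "IpAddress": "::1",
     "TicketEncryptionType": "0x12", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "svc_backup", "IpAddress": "::ffff:10.0.99.23",
     "TicketEncryptionType": "0x12", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "nosuchuser", "IpAddress": "::ffff:10.0.99.23",
     "TicketEncryptionType": "0xFFFFFFFF", "Status": "0x6"},
]


def client_ip(raw):
    """Event 4768 records IPv4 clients as IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(raw)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def suspicious_tgt_requests(events, known_subnets):
    """Return (user, source IP, enctype) for issued TGTs from unknown subnets."""
    hits = []
    for ev in events:
        # Only successful TGT requests: a ticket was actually issued.
        if ev.get("EventID") != 4768 or ev.get("Status") != "0x0":
            continue
        ip = client_ip(ev["IpAddress"])
        if ip.is_loopback:
            continue  # requests made by the domain controller itself
        if not any(ip in net for net in known_subnets):
            hits.append((ev["TargetUserName"], str(ip), ev["TicketEncryptionType"]))
    return hits


if __name__ == "__main__":
    for user, ip, etype in suspicious_tgt_requests(SAMPLE_EVENTS, KNOWN_SUBNETS):
        print(f"TGT issued to {user} from non-inventory host {ip} (enctype {etype})")
```
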