Weaponizing Windows Pt-1

Lets assume you have an IP address 10.129.208.61, Domain absolute.htb, and Domain Controller dc.absolute.htb. You want to run SharpHound to collect data for Bloodhound. Twist is there is only kerberos authentication. We can use our Windows VM to do this easily.

1) Setup the DNS. The DNS points to the dc.absolute.htb

2) Set up Host File Path => C:\Windows\System32\drivers\etc\hosts Append the IP and host names.

3) Create the Ticket Command => .\Rubeus.exe asktgt /enctype:AES256 /user:<username> /password:<password> /domain:absolute.htb /dc:dc.absolute.htb /ptt

4) Run SharpHound Command => . .\SharpHound.ps1; Invoke-BloodHound -Domain absolute.htbAfter a while we do get the zip file!

PreviousWeaponizing Windows NextWinrm Using Certificate[PFX]

Last updated 2 years ago