Weaponizing Windows Pt-1
Lets assume you have an IP address 10.129.208.61,
Domain absolute.htb,
and Domain Controller dc.absolute.htb.
You want to run SharpHound to collect data for Bloodhound. Twist is there is only kerberos authentication. We can use our Windows VM to do this easily.
1) Setup the DNS.
The DNS points to the dc.absolute.htb
2) Set up Host File
Path => C:\Windows\System32\drivers\etc\hosts
Append the IP and host names.
3) Create the Ticket
Command => .\Rubeus.exe asktgt /enctype:AES256 /user:<username> /password:<password> /domain:absolute.htb /dc:dc.absolute.htb /ptt
Last updated