Pass the Key

4. Pass the key

aka Overpass The Hash

- use user’s NTLM hash to request Kerberos tickets
- as alternative to Pass The Hash over NTLM protocol
- requires:
  - a system where NTLM authentication is disabled and only Kerberos authentication is allowed
  - NTLM hash or password of target user
- results in access to service/machine which target user has permissions to (get shell)

Tools: impacket’s getTGT.py & psexec.py (Linux), Rubeus (Windows)

Linux

    getTGT.py DOMAIN/USERNAME -dc-ip $IP -hashes :NTHASH
    export KRB5CCNAME=USERNAME....
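From the defender's side, a TGT requested with an NT hash typically shows up on the domain controller as Event ID 4768 with ticket encryption type 0x17 (RC4-HMAC), which stands out when the account normally authenticates with AES. The following is an added example, not part of the original post: it flags that pattern over constructed 4768 records. The field names follow the Windows event; the sample values, the `ev` helper, the `find_rc4_tgt_requests` function and the AES-baseline heuristic are assumptions.

```python
# Added example (not from the original post). All event records are constructed.
from collections import defaultdict

RC4_HMAC = 0x17             # etype 23: the key is the account's NT hash
AES_ETYPES = {0x11, 0x12}   # AES128 / AES256 CTS-HMAC-SHA1-96

def ev(event_id, time, user, ip, etype, status="0x0"):
    """Build one flattened record using Security-log field names (hypothetical helper)."""
    return {"EventID": event_id, "TimeCreated": time, "TargetUserName": user,
            "IpAddress": ip, "TicketEncryptionType": etype, "Status": status}

SAMPLE_EVENTS = [  # constructed, oldest first
    ev(4768, "2025-01-20T08:01:12Z", "alice", "10.0.0.21", "0x12"),
    ev(4768, "2025-01-20T08:03:40Z", "svc_legacy", "10.0.0.40", "0x17"),
    ev(4768, "2025-01-20T08:05:02Z", "bob", "10.0.0.22", "0x12"),
    ev(4768, "2025-01-20T23:14:55Z", "Alice", "10.0.0.99", "0x17"),
    ev(4768, "2025-01-20T23:15:10Z", "bob", "10.0.0.99", "0x17", status="0x6"),
    ev(4769, "2025-01-20T23:16:31Z", "alice", "10.0.0.99", "0x17"),
    ev(4768, "2025-01-21T02:30:00Z", "bob", "10.0.0.22", "0x17"),
]

def find_rc4_tgt_requests(events):
    """Return successful RC4 TGT requests by accounts already seen using AES."""
    aes_sources = defaultdict(set)   # account -> source IPs seen with AES
    findings = []
    for e in events:
        if e.get("EventID") != 4768 or e.get("Status") != "0x0":
            continue                 # only successful TGT issuance
        user = e["TargetUserName"].lower()
        etype = int(e["TicketEncryptionType"], 16)
        if etype in AES_ETYPES:
            aes_sources[user].add(e["IpAddress"])
        elif etype == RC4_HMAC and user in aes_sources:
            findings.append({
                "time": e["TimeCreated"], "user": user, "source": e["IpAddress"],
                # True when this host never requested an AES TGT for the account
                "new_source": e["IpAddress"] not in aes_sources[user],
            })
    return findings

if __name__ == "__main__":
    for finding in find_rc4_tgt_requests(SAMPLE_EVENTS):
        print(finding)
```

Accounts that only ever use RC4 (`svc_legacy` in the sample) are not flagged by this heuristic, so it complements an inventory of RC4-dependent accounts rather than replacing one.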

January 21, 2025 · 1 min · 91 words