Pass-the-Hash Attack

Pass-the-Hash (PtH) exploits Windows NTLM authentication: once an attacker has an NT hash (from memory dump, credential files, or the registry), they can authenticate AS that user without ever knowing the plaintext password.

Ready Click Next Step to walk through the Pass-the-Hash attack chain.
Attack State
Attacker
WAITING
LSASS
RUNNING
Hash Material
Username -
Domain -
NT Hash -
Method -
Access
Logged into -
Event Log