How to "Pass the hash" when LM hash is disabled?

Question

I ran the NTLM_stealer metasploit module and ended up with the following results:

LMHASH:Disabled
NTHASH:008940f335e9b2ddc182bb5b960a0c5bad0b125cbee3cf84

I was wondering if there is way to successfully use the pass the hash technique with just the NT Hash. Every tool and blog seem to outline techniques that require both LM and NT hash.

xorist · Accepted Answer · 2015-10-01T16:46:32.057

3

You need either of the hashes in order to 'pass the hash'. Here is some further reading for you if you're interested in learning more about it.

https://www.sans.org/reading-room/whitepapers/testing/crack-pass-hash-33219

edited Oct 01 '15 at 16:46

answered Oct 01 '15 at 15:53

xorist

870
4
15

How to "Pass the hash" when LM hash is disabled?

1 Answers1