4

I understood that Windows users' password hashes can be exported very easily. Right? So my question is:

If I can have the hashes of other user accounts (e.g. local users on my Windows machine), isn't that good enough for me to impersonate other users?

For example, when a user tries to log into some web site using NTLM, only the HASH of the password is used for the challenge process. So if I already have this hash (as it is saved locally and can be exported easily), doesn't it mean that I can fake the challenge process? Why do I need to crack the password if the hash can be good enough for me?

TildalWave
Dave

1 Answer

5

You are absolutely correct. This is a very well-known problem with NTLM authentication, and the resulting attack is known as Pass the Hash. There is in fact a very handy tool called the Pass-The-Hash toolkit that makes exploiting this really easy.
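To make the point of the question and answer concrete, here is an added example (my own code, not from the question, the answer, or any toolkit) that walks through the NTLMv2 challenge-response computation from MS-NLMP: the client side needs only the 16-byte NT hash, and the server validates with that same stored hash. The NT hash itself is MD4 of the UTF-16LE password and is not computed here; the hash, user, domain, challenges and target info are the published MS-NLMP section 4.2.4 test vectors, so the expected outputs can be checked against the spec.

```python
import hashlib
import hmac
import struct

# MS-NLMP 4.2.4 test vector values (assumed from the spec, not from this page).
# NT hash of the password "Password"; this is all the client-side code ever needs.
NT_HASH = bytes.fromhex("a4f49c406510bdcab6824ee7c30fd852")
USER, DOMAIN = "User", "Domain"
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_CHALLENGE = bytes.fromhex("aaaaaaaaaaaaaaaa")


def av_pair(av_id: int, value: str) -> bytes:
    """One AV_PAIR entry of the TargetInfo blob (MS-NLMP 2.2.2.1)."""
    v = value.encode("utf-16-le")
    return struct.pack("<HH", av_id, len(v)) + v


# MsvAvNbDomainName (2), MsvAvNbComputerName (1), then MsvAvEOL terminator.
TARGET_INFO = av_pair(2, "Domain") + av_pair(1, "Server") + b"\x00" * 4


def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2 (MS-NLMP 3.3.2): HMAC-MD5 keyed with the NT hash over UPPER(user)+domain.
    The cleartext password never appears; the stored hash is the secret."""
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def ntlmv2_response(nt_hash: bytes, user: str, domain: str, server_chal: bytes,
                    client_chal: bytes, timestamp: int, target_info: bytes) -> bytes:
    """Client side: NtChallengeResponse = NTProofStr || temp (MS-NLMP 3.3.2)."""
    temp = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_chal + b"\x00" * 4 + target_info + b"\x00" * 4)
    nt_proof = hmac.new(ntowf_v2(nt_hash, user, domain), server_chal + temp, hashlib.md5).digest()
    return nt_proof + temp


def server_verify(stored_nt_hash: bytes, user: str, domain: str,
                  server_chal: bytes, response: bytes) -> bool:
    """Server/DC side: recompute NTProofStr over the client's temp blob using the
    stored NT hash. Whoever holds this hash can produce a valid response, which is
    why SAM/NTDS/LSASS contents must be protected like cleartext passwords."""
    nt_proof, temp = response[:16], response[16:]
    expected = hmac.new(ntowf_v2(stored_nt_hash, user, domain), server_chal + temp, hashlib.md5).digest()
    return hmac.compare_digest(nt_proof, expected)


def demo() -> dict:
    """Run the exchange with the spec vectors and report the interesting values."""
    resp = ntlmv2_response(NT_HASH, USER, DOMAIN, SERVER_CHALLENGE, CLIENT_CHALLENGE, 0, TARGET_INFO)
    wrong_hash = bytes(b ^ 0xFF for b in NT_HASH)  # constructed: any other hash must fail
    return {"ntowf_v2": ntowf_v2(NT_HASH, USER, DOMAIN).hex(), "nt_proof": resp[:16].hex(),
            "accepted": server_verify(NT_HASH, USER, DOMAIN, SERVER_CHALLENGE, resp),
            "rejected_wrong_hash": server_verify(wrong_hash, USER, DOMAIN, SERVER_CHALLENGE, resp)}


if __name__ == "__main__":
    print(demo())
```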