Pass-the-Hash
Reuse credentials.
What Is Pass-the-Hash?
Pass-the-Hash (PtH) is a technique where an attacker authenticates using a user's NTLM password hash instead of the plaintext password.
Because Windows NTLM authentication uses the hash itself as the secret, you never need to crack it to log in as that user.
The NTLM Hash
Windows stores account passwords as NTLM hashes (an MD4 of the UTF-16 password). During NTLM authentication, the hash, not the password, is what proves identity.
This design flaw means stealing the hash is functionally equivalent to stealing the password for NTLM-based logins.
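The following sketch is an added example, not part of the original lesson. It models the NTLMv2 proof computation on both sides to show that the NT hash is the only secret either party uses. The account name, domain, hash value and the opaque `client_blob` (a stand-in for the real timestamp/nonce structure) are constructed for illustration.

```python
import hashlib
import hmac
import os


def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 keyed with the NT hash over UPPER(user) + domain."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()


def client_response(nt_hash, user, domain, server_challenge, client_blob):
    """Client side: the proof is derived from the NT hash, never the password."""
    key = ntowf_v2(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + client_blob, hashlib.md5).digest()
    return proof + client_blob


def server_verify(stored_nt_hash, user, domain, server_challenge, response):
    """Verifier side: recompute the proof from the stored NT hash and compare."""
    proof, client_blob = response[:16], response[16:]
    key = ntowf_v2(stored_nt_hash, user, domain)
    expected = hmac.new(key, server_challenge + client_blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)


def demo():
    # Constructed 16-byte value standing in for MD4(UTF-16 password).
    stored = bytes.fromhex("00112233445566778899aabbccddeeff")
    user, domain = "alice", "EXAMPLE"      # hypothetical account
    challenge = os.urandom(8)              # server nonce
    blob = os.urandom(16)                  # simplified client data

    # Whoever holds the stored hash passes; the password never appears.
    good = client_response(stored, user, domain, challenge, blob)
    # A party without the hash cannot produce a valid proof.
    bad = client_response(bytes(16), user, domain, challenge, blob)
    # The proof is bound to the challenge, so a captured response is not reusable.
    replay_ok = server_verify(stored, user, domain, os.urandom(8), good)

    return (
        server_verify(stored, user, domain, challenge, good),
        server_verify(stored, user, domain, challenge, bad),
        replay_ok,
    )


if __name__ == "__main__":
    print(demo())
```

Because the verifier's check depends only on the stored hash, anything that exposes NT hashes (memory, backups, the account database) should be protected to the same standard as plaintext passwords.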