Worth reading: Pass-the-hash attacks on Windows
Cracking passwords is a tedious, time-consuming business. However, it is often possible to gain access to a service without knowing the plain text password at all – for example, in the context of a single sign-on session, where the hashed password is often sufficient. Using existing tools, it is possible to extract LM and NTLM hashes from the Windows LSASS service, then reimport them – in some cases onto other systems – to gain access using someone else's identity.
In a SANS Institute Reading Room paper entitled "Pass-the-hash attacks: Tools and Mitigation", Bashar Ewaida examines the principles of the pass-the-hash attack and describes a range of tools, which he tested, that can be used to successfully execute such an attack. He also discusses measures for frustrating such attacks. Readers who are familiar with standard attacks on passwords may wish to skim the lengthy first section and zip along to the more interesting stuff which starts in chapter 3.
Pass-the-hash attacks: Tools and Mitigation, by Bashar Ewaida