Why do Pass-the-Hash attacks still work?

The default authentication package for Windows domain authentication is Kerberos. But it is possible to perform pass-the-hash by using Windows Credentials Editor, for example (even in Windows 8). WCE works with NTLM credentials, and the attack is possible despite the fact that the default protocol is Kerberos. Why?
Am I wrong, or can the client somehow initiate NTLM authentication?


Source: windows
