I'm new to Windows security, and I'm trying to understand the basics of pass-the-hash attacks.
As I understood:
NTLM = NT Hash = Password storage format
NTLMv1 = Net-NTLMv1 = Challenge/response authentication protocol
NTLMv2 = Net-NTLMv2 = Also a challenge/response authentication protocol
Sources I've found that explain the pass-the-hash attacks seem to be saying that "it affects NTLM".
What does that mean? "It affects both versions (NTLMv1 and NTLMv2)"? Does it affect the NT Hash independently of the authentication protocol used?
Sources
https://en.wikipedia.org/wiki/Pass_the_hash :
"This technique can be performed against any server or service accepting LM or NTLM authentication, whether it runs on a machine with Windows, Unix, or any other operating system."
https://www.crowdstrike.com/en-us/cybersecurity-101/cyberattacks/pass-the-hash-attack/ :
"Windows server clients, and organizations that use Windows New Technology LAN Manager (NTLM), in particular, are among the most vulnerable to pass the hash attacks."
As my understanding of this increases, I think I was misled by the name "Pass-the-hash" (please tell me if I'm wrong): in fact, the NT hash is never passed (i.e. sent directly) to the server; it is instead consumed client-side while crafting the response to the challenge submitted by the server.
So (again, please tell me if I'm wrong):
If I compromise the NT Hash (= MD4(Unicode(password))), I can authenticate on both NTLMv1 and NTLMv2 (assuming I know the username and the user's domain), as it seems to be the only secret used here.
If I compromise the NTLMv1 hash, which derives from the NT Hash in order to create the 3x7-byte DES keys, I can then solve the server's challenge and authenticate.
If I compromise the NTLMv2 hash, which seems to be built as NTLMv2 Hash = HMAC-MD5(NT Hash, USERNAME, DOMAIN), then, as with NTLMv1, I can still use it to authenticate, as there is no locking mechanism (timestamp, server/client ID, ...).
Hence, what's the point of compromising NTLMv1 or NTLMv2 hashes if it means that we are also able to compromise the NT Hash?
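As an added worked example (not part of the question above), the derivation chain the question describes, written out in Python: NT hash = MD4(UTF-16LE(password)), NTLMv2 hash = HMAC-MD5 keyed with the NT hash over the upper-cased username and the domain, and the NTLMv2 response = HMAC-MD5 keyed with the NTLMv2 hash over the server challenge and the client blob. The username, domain, server challenge and blob are constructed sample values; the point it shows is that the NT hash alone reproduces the response (so it is password-equivalent and must be protected like a password), while neither the NT hash nor the NTLMv2 hash ever appears in the bytes sent to the server.

```python
import hmac
import struct
MASK = 0xFFFFFFFF

def md4(data: bytes) -> bytes:
    # Pure-Python MD4 (RFC 1320): OpenSSL 3 builds of hashlib usually refuse hashlib.new("md4").
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rol = lambda v, s: ((v << s) | (v >> (32 - s))) & MASK
    rounds = ((F, range(16), (3, 7, 11, 19), 0),
              (G, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
              (H, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1))
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for f, order, shifts, const in rounds:
            for i, k in enumerate(order):
                a = rol((a + f(b, c, d) + X[k] + const) & MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def nt_hash(password: str) -> bytes:
    return md4(password.encode("utf-16-le"))  # unsalted, so the hash is password-equivalent

def ntlmv2_hash(nt: bytes, user: str, domain: str) -> bytes:
    # HMAC-MD5 keyed with the NT hash over UPPER(user) || domain, both UTF-16LE.
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), "md5").digest()

def ntlmv2_response(nt: bytes, user: str, domain: str, server_challenge: bytes, blob: bytes) -> bytes:
    # On the wire the client sends NTProofStr || blob, with
    # NTProofStr = HMAC-MD5(NTLMv2 hash, server_challenge || blob). Neither hash itself is sent.
    proof = hmac.new(ntlmv2_hash(nt, user, domain), server_challenge + blob, "md5").digest()
    return proof + blob

def demo() -> dict:
    # Constructed sample values (not from any real capture); the blob is simplified to
    # type bytes, timestamp and client nonce (a real one also carries AV pairs).
    user, domain, challenge = "alice", "CORP", bytes.fromhex("0123456789abcdef")
    blob = b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", 0x01D9B0C0DEADBEEF) + bytes(range(8)) + b"\x00" * 4
    stolen_nt = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")  # NT hash of "password"
    from_password = ntlmv2_response(nt_hash("password"), user, domain, challenge, blob)
    from_hash_only = ntlmv2_response(stolen_nt, user, domain, challenge, blob)
    return {"same_response": from_password == from_hash_only,  # pass-the-hash: NT hash alone suffices
            "nt_hash_on_wire": stolen_nt in from_hash_only,     # False: the NT hash is never transmitted
            "ntlmv2_hash_on_wire": ntlmv2_hash(stolen_nt, user, domain) in from_hash_only}  # False too
```

The response differs for every server challenge and blob, which is why a captured NTLMv2 response cannot simply be replayed, whereas the NT hash it was derived from can be reused for any future challenge.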