Ntlm: Decode

The client encrypts that challenge with its password hash and sends the result back to the server, along with its username and domain.

Interestingly, in many Windows environments, you don't even need to decode the hash to gain access. Since the hash itself is effectively the password proof, attackers can use the stolen hash directly to authenticate to other systems on the network without ever knowing the actual plaintext password. ntlm decode

If you don't have the password but have the NT hash , you can actually provide it in a Kerberos keytab file ; Wireshark will use it to derive the session keys and decrypt the traffic. 3. Decoding (Cracking) NTLM Hashes The client encrypts that challenge with its password