active directory – Is it possible make a Pass-The-Hash attack with Responder?


The tool Responder written in Python permits to listen on a specific network card requests and automatically poisoning victims the steal hash NTLMv1 and hash NTLMv2.

The attack Pass-The-Hash permits to connect to a service like SMB.
I am a little bit confused about difference between hash LM and hash NTLM and so the consequences of a Pass-The-Hash attack.
I know that it’s also possible to crack the hash NTLMv1 or NTLMv2 with John for example.

From the premise that password is complex and it’s not possible to brute-force it, apart connect to a share and get some sensitive files :

  1. What can do an attacker on the same network ?
  2. Is it possible to forge connect to RDP service for example ?
  3. Is it possible to forge a sliver/gold Kerberos ticket ?