What is Pass-The-Hash Toolkit?

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g., users logged in remotely through Remote Desktop/Terminal Services), and also to change the current username, domain name, and NTLM hashes at runtime (YES, PASS-THE-HASH on Windows!).

Utilities in the toolkit:

Source Code

Win32 binaries


Quick start: There's not much to be done; extract the .rar file and have fun!



Click the following link for an online copy of the documentation. This page contains instructions on how to use the tools.

Check out the WHATSNEW file.

Known issues

This version contains modifications that make it work better in Windows Server 2003 and in German and French versions of WinXPSP2; check out the WHATSNEW file. If you have any problems, please let me know!


This software is provided under the following license for non-commercial use.

Contact Us

Whether you want to report a bug, send a patch, or give some suggestions on this package, drop us a few lines at oss- at- coresecurity.com. To contact me, Hernan Ochoa, the author, you can send email to hochoa -at -coresecurity.com.


Pass-the-hash toolkit
Release date
License type
Custom license (free for non-commercial use)