Defending Against Pass-the-Hash Attacks (http://www.microsoft.com)
How Password Hashes Work
Well-designed authentication systems expend considerable effort to prevent passwords and other credentials from unauthorized disclosure. Storing and transmitting passwords in plaintext puts them at risk of exposure to hackers, eavesdroppers, and malware. To prevent such exposure, strong authentication systems use multiple mechanisms to reduce the likelihood that unencrypted credentials will be exposed, and to ensure that any authentication data that does get stored and transmitted will be of limited use to an attacker.
In Microsoft Windows, hashes are stored in one of two places: a local Security Accounts Manager (SAM) database and/or a networked Active Directory database (which is stored as a physical file called NTDS.DIT on each participating domain controller). Password hashes can be stored in one of four forms: LAN Manager (LM), NT, AES key, or Digest.
(Continue reading at http://www.microsoft.com)
My Two Cents: This is very good information about PTH attacks and what these attacks go after with regard to Microsoft operating systems. The attacker needs to have already compromised the computer or network before these hacking tools can be used to harvest and use hashes.