"Pass the hash" with Nexpose and Metasploit
I am proud to announce that Nexpose 5.1.0 now supports "pass the hash"
[http://en.wikipedia.org/wiki/Pass_the_hash], a technique to remotely
authenticate against a Windows machine (or any SMB/CIFS server) with the mere
possession of LM/NTLM password hashes, without needing to crack or brute force
them. Nexpose is able to use the hashes to perform credentialed scans to produce
very detailed scan results of all sorts of local and remote vulnerabilities that
may otherwise not be detectable.