Glossary
NT hash
The MD4 of a user's UTF-16LE password — the credential Windows actually stores and the one used in NTLM authentication and pass-the-hash.
An NT hash is simply MD4(password encoded as UTF-16LE). It is unsalted,
which means identical passwords always produce identical hashes and the value
can be used directly to authenticate (pass-the-hash) without ever knowing
the plaintext.
Windows stores it encrypted — in the SAM for local accounts and in
NTDS.dit for domain accounts — but the encryption is reversible offline once
you hold the boot key. An account with no password has
the well-known NT hash 31d6cfe0d16ae931b73c59d7e0c089c0.