If you have completed a password "audit" which is a non-technical term of saying you have "cracked passwords" and you get left with hashes that has been obtained from the SAM dump or Active Directory ntds.dit dump.
Note : This is why protecting the ntds.dit from these types of attacks is very important without the hashes you cannot use xfreerdp to connect to servers with the hash and not the password
Note : This is for educational and learning purposes, this should be done in a "lab" for your own knowledge and development.
Then you may find a example where you cannot "crack" the password to get the ASCII clear text password, so for examples like that when people have been "security vigilant" what you can do is pass-the-hash (or PtH)
Classic Remote Desktop
If you are wanting to get "Remote Desktop" access with the hash then the RDP client as shown below will not work, this requires the username and the password:
xfreerdp : PtH Supported
However you can use xfreerdp which is part of Kali and that will give you a RDP desktop without using the password, it using another distro install xfreerdp with this:
apt-get update
apt-get install freerdp-x11
Then we need this command (which will connect to computer called hack.me with the user "pth.user" on the domain "bear.local" with the hash as "pth"):
xfreerdp /u:pth.user /d:bear.local /pth:8846a85c584453c337827 /v:hack.me
Restricted Admin Mode : Danger there is dragons
However one major drawback of this is a security feature called "Restricted Admin Mode" which when you use PtH you will get an error like this:
Excellent, Windows is protecting me against PtH attacks that good isn't it?
Scenario 1 : You have no admin access and need to use the hash to get access
Yes, this is Windows so there is a bypass for this to get round this admin mode if you wish to do this remotely as you know the account has admin access to the server you need to use a utility called "crackmapexec" more on that here once installed on Kali that would then look like this:
Once this command has been issued you can then connect with xfreerdp to the target server with no restrictions and limitations using PtH and NOT the password.
Scenario 2 : You already have access to the device and can add registry keys
That makes it easier you can locally or remotely add this registry key using the "reg add" command:
reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f
Registry Key Added, xfreerdp away
When this key is added you should then be able to remotely connect from Kali to the target machine using only the hash without the password:
xfreerdp /u:pth.user /d:bear.local /pth:8846a85c584453c337827 /v:hack.me