Passwords are never stored in plaintext; they always exist in hashed form. Moreover, strong hashing algorithms are one-way functions. This means it is impossible to reverse the process and recover the message from its hash value. Because hash values cannot feasibly be converted back into their corresponding messages, crackers instead apply the pass-the-hash (PtH) attack to passwords.
It may not be that difficult to get hash values for passwords. For instance, attackers may obtain the hash values of credentials from rainbow tables and other sources. Rainbow tables are repositories that contain precomputed hash values of hash functions. The pass-the-hash attack enables the cracker to pass (send) these captured hash values of a password to an authentication server to gain unauthorized access. When an entity requests authentication, the server simply compares the hash values of the stored and the entered characters. If they match, the entity gains access. However, if the hash values do not match, the server denies access to the requesting party.
When crackers launch a pass-the-hash attack, they do not need to know the actual password. Instead, they just need access to the hash values. They try the precomputed hash values against the authentication server to simulate the login process and thereby gain access.
The best strategies to avoid these attacks are frequent password changes and salting and peppering techniques. These controls increase the randomness of the password. Moreover, they are not stored on the same authentication server as the hash values of the password. Thus, it will be difficult for the attacker to get the hash values of passwords with salts appended.
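
The salting and peppering controls above, as an added example that is not part of the original page: it contrasts an unsalted hash, which is identical for every user with the same password and can therefore be precomputed, with a salted and peppered record that the server re-derives from the typed password at login. All names (`PEPPER`, `create_record`, `verify`, `demo`), the sample passwords and the iteration count are assumptions of this example; here the salt sits in the record and the pepper is held outside the credential store.

```python
import hashlib
import hmac
import secrets

# Assumption: in production the pepper is loaded from a secret store or HSM,
# never from the database that holds the password records.
PEPPER = secrets.token_bytes(32)
ITERATIONS = 200_000  # example work factor; tune for your hardware


def unsalted_hash(password: str) -> str:
    """Weak form: the same password always gives the same, precomputable hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def _derive(password: str, salt: bytes) -> bytes:
    # Pepper: keyed HMAC with a server-side secret, applied before the slow hash.
    peppered = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    # Salt: per-user random value mixed in by PBKDF2.
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)


def create_record(password: str) -> dict:
    """Build the record kept in the credential store for one user."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _derive(password, salt)}


def verify(record: dict, submitted: str) -> bool:
    """Re-derive from what the client typed; compare in constant time."""
    return hmac.compare_digest(_derive(submitted, record["salt"]), record["hash"])


def demo() -> dict:
    pw = "correct horse battery staple"  # constructed sample password
    alice, bob = create_record(pw), create_record(pw)
    return {
        # Two users, same password: unsalted hashes collide, salted ones do not.
        "unsalted_identical": unsalted_hash(pw) == unsalted_hash(pw),
        "salted_identical": alice["hash"] == bob["hash"],
        "correct_password_accepted": verify(alice, pw),
        # Submitting the stored hash itself is treated as a password and re-hashed.
        "replayed_stored_hash_accepted": verify(alice, alice["hash"].hex()),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because `verify` derives the hash itself from the submitted secret, a value copied out of the credential store does not authenticate when sent back to it.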