NTLM Hash Generator
Compute the NTLM (MD4 over UTF-16LE) hash of a password.
Overview
The NTLM hash generator computes the 128-bit MD4-over-UTF-16LE digest that Windows uses to store local and domain user passwords. Type a password, get back the 32-character hex value seen in pwdump, secretsdump.py output, and HIBP NTLM dumps.
Penetration testers cracking captured hashes, IT auditors testing password policies against pass-the-hash, and Windows administrators verifying old SAM exports are the primary users. An NTLM hash generator is also useful for building Hashcat or John the Ripper test cases without touching a Windows lab box.
How it works
NTLM (sometimes called NT hash) is defined informally — there is no NIST or RFC standard — but Microsoft's specification is clear: the password is encoded as UTF-16 little-endian without a BOM, then hashed with MD4. The output is a fixed 128-bit value, displayed as 32 lowercase hex characters. There is no salt; identical passwords always produce identical hashes, which is why rainbow tables against NTLM are devastating. The algorithm replaced the much weaker LM hash (which split passwords into 7-character halves and used DES), but it is still considered weak — modern GPUs run NTLM at hundreds of billions of guesses per second.
Examples
Password: password
Output: 8846f7eaee8fb117ad06bdd830b7586c
Password: Password123
Output: 2b576acbe6bcfda7294d6bd18041b8fe
Password: "" (empty)
Output: 31d6cfe0d16ae931b73c59d7e0c089c0
Password: "P@ssw0rd!"
Output: ac8e657f83df82beea5d43bdaf7800cc
FAQ
Is NTLM the same as Net-NTLMv1 or v2?
No. NTLM is the stored password hash. Net-NTLMv1 and Net-NTLMv2 are challenge-response protocols that use the NTLM hash as a key. Hashcat treats them as different hash modes; if you have captured network traffic, you have a Net-NTLM hash, not a raw NT hash.
Why is there no salt?
Microsoft has never added one. Two users with the password Password123 have identical hashes — even across domains. This is what makes pass-the-hash attacks practical: a single dumped hash unlocks every account with that password.
Is MD4 safe here?
For password storage, no. MD4 is collision-broken and preimage attacks are far stronger than they should be for a password hash. NTLM persists for compatibility, not safety.
Can I crack an NTLM hash with this tool?
This tool is one-way only — it hashes, it does not crack. For dictionary or brute-force attacks, feed the hash to Hashcat (mode 1000) or John the Ripper.