No decryption. Just hashing + comparing.
NTLM is a suite of Microsoft security protocols used for authenticating users. Windows does not store passwords in plaintext; instead, it stores them as NTLM hashes ntlm-hash-decrypter
To wrap up:
| Tool | Actual Mechanism | Crack Rate (NTLM) | Limitations | |------|----------------|------------------|--------------| | Hashcat | Brute-force, dictionary, rules | up to 90 GH/s (8x RTX 4090) | Time for strong passwords | | John the Ripper | Similar + Markov mode | 50-80 GH/s | Uses CPU and GPU | | Ophcrack | Rainbow tables (LM only, not NTLM) | Seconds for LM | Useless for modern NTLM | | Online “decrypters” | Precomputed lookup of common hashes | Instant for weak passwords | Fails for unique passwords | No decryption