I obtained some hashes using crackmapexec and dumping from the LSA process. The hashes are in this form (the data below is fake):
adm_name:c6f132a235209036744ba5d303bd5d9b:SOME.ORGANISATION.COM:ORGANISATION:::
The hash identification utilities in Kali do not recognise the hash as it is, but they do give output if the hash is modified.
For the hash-identifier tool
Input:
c6f132a235209036744ba5d303bd5d9b
Results:
Possible Hashs:
[+] MD5
[+] Domain Cached Credentials - MD4(MD4(($pass)).(strtolower($username)))
For the hashid tool
Input:
adm_name:c6f132a235209036744ba5d303bd5d9b
Output:
[+] Domain Cached Credentials
[+] Domain Cached Credentials 2
john accepts the hashes as they are but reports:
Warning: detected hash type "LM", but the string is also recognized as "NT"
Use the "--format=NT" option to force loading these as that type instead
Warning: detected hash type "LM", but the string is also recognized as "HAVAL-128-4"
Use the "--format=HAVAL-128-4" option to force loading these as that type instead
Warning: detected hash type "LM", but the string is also recognized as "lotus5"
Use the "--format=lotus5" option to force loading these as that type instead
Warning: detected hash type "LM", but the string is also recognized as "MD2"
Use the "--format=MD2" option to force loading these as that type instead
Warning: detected hash type "LM", but the string is also recognized as "mdc2"
Use the "--format=mdc2" option to force loading these as that type instead
Warning: detected hash type "LM", but the string is also recognized as "mscash"
Use the "--format=mscash" option to force loading these as that type instead
Warning: detected hash type "LM", but the string is also recognized as "mscash2"
Use the "--format=mscash2" option to force loading these as that type instead
Warning: detected hash type "LM", but the string is also recognized as "Raw-MD4"
Use the "--format=Raw-MD4" option to force loading these as that type instead
Warning: detected hash type "LM", but the string is also recognized as "Raw-MD5"
Use the "--format=Raw-MD5" option to force loading these as that type instead
Warning: detected hash type "LM", but the string is also recognized as "Raw-MD5u"
Use the "--format=Raw-MD5u" option to force loading these as that type instead
Warning: detected hash type "LM", but the string is also recognized as "ripemd-128"
Use the "--format=ripemd-128" option to force loading these as that type instead
Warning: detected hash type "LM", but the string is also recognized as "Snefru-128"
Use the "--format=Snefru-128" option to force loading these as that type instead
Warning: detected hash type "LM", but the string is also recognized as "NT-old"
Use the "--format=NT-old" option to force loading these as that type instead
hashcat will attempt to crack (using the -m 1000 flag for NTLM hash types) if the format is just the digest (as in the hash-identifier input example above).
I assume they cannot be used in a "pass the hash" attack, as the digest appears to be the cached NT (unsalted MD4) credential hash type.
Other than revealing usernames, what use are these hashes in this form to an attacker? Any guidance would be great!
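
Added example, not part of the original post: several of the candidates the tools list above (Raw-MD4, NT, mscash / Domain Cached Credentials) are MD4-based 128-bit digests, so the 32-character hex string alone cannot tell them apart. The password and username below are constructed sample values, and MD4 is written out in pure Python so the block does not depend on hashlib providing it.

```python
import struct

MASK = 0xFFFFFFFF
ROUND3_ORDER = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def md4(data: bytes) -> bytes:
    """MD4 as specified in RFC 1320."""
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(48):
            if i < 16:      # round 1
                f, k, s = (b & c) | (~b & d), i, (3, 7, 11, 19)[i % 4]
            elif i < 32:    # round 2
                f = ((b & c) | (b & d) | (c & d)) + 0x5A827999
                k, s = (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4]
            else:           # round 3
                f = (b ^ c ^ d) + 0x6ED9EBA1
                k, s = ROUND3_ORDER[i - 32], (3, 9, 11, 15)[i % 4]
            a, b, c, d = d, _rotl((a + f + x[k]) & MASK, s), b, c
        state = [(v + w) & MASK for v, w in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def nt_hash(password: str) -> bytes:
    # NT hash: unsalted MD4 over the UTF-16LE password
    return md4(password.encode("utf-16-le"))

def mscash(password: str, username: str) -> bytes:
    # Domain Cached Credentials: MD4(NT hash || lowercase username in UTF-16LE)
    return md4(nt_hash(password) + username.lower().encode("utf-16-le"))

def candidate_digests(password: str, username: str) -> dict:
    """Three different constructions, all rendered as 32 hex characters."""
    return {
        "Raw-MD4": md4(password.encode("utf-8")).hex(),
        "NT": nt_hash(password).hex(),
        "mscash": mscash(password, username).hex(),
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from any real system
    for name, digest in candidate_digests("password", "adm_name").items():
        print(f"{name:8} {digest}  ({len(digest)} hex chars)")
```

All three outputs have the same length and character set, which is why an identifier working from the string alone can only offer a list of possibilities; the collection context (where the value was read from) is what determines the actual type.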