One Day Sec

What is the core principle behind Pass the Hash attacks?

Pass the Hash exploits the fact that Windows NTLM authentication uses password hashes (LM or NT hash) instead of plaintext passwords. By obtaining a user's hash, an attacker can impersonate that user during authentication without knowing the actual password. This technique bypasses the normal API call (e.g., `LsaLogonUser`) that generates the hash. More details can be found in the original article, "Domain Penetration - Implementation of Pass The Hash".