The NetBIOS Auditing Tool (NAT) is a command-line automated password guessing tool.
Windows authentication protocols include
LM authentication Used by 95/98/ME and based on DES.
NTLM authentication Used by NT until service pack 3 and based on DES and MD4.
NTLM v2 authentication Used post NT service pack 2 and based on MD4 and MD5.
Kerberos Implemented in Windows 2000 and created by MIT in 1988.
LM passwords are considered weak. The maximum 14 character password is divided into two seven character parts; the two hashed results are concatenated and stored as the LM hash, which is stored in the SAM. Each piece can be cracked separately.
NTFS alternate data streams (ADS) was developed to provide for compatibility outside the Windows world with structures such as the Macintosh Hierarchical File System (HFS). It is a prime tool that can be used by hackers to hide tools. It only works with NTFS drives.