it's my understanding that NTLM hashes are sent over the wire...? therefore any machine on the local network could intercept this hash via network-level attacks such as ARP poisoning, WiFi attacks, etc. Then the cracking box would quite happily and easily brute force the entire 8 char keyspace and reveal the pass.
it's a different threat model to hash+email retrieval via sql injection which can lead to all sorts of nastiness involving hijacking email and then other accts
it's a different threat model to hash+email retrieval via sql injection which can lead to all sorts of nastiness involving hijacking email and then other accts