Docs: Add NTLM hash details to PowerShell exploiter docs

docs/content/reference/exploiters/PowerShell.md

@@ -22,8 +22,9 @@ The PowerShell exploiter can be run from both Linux and Windows attackers. On
 Windows attackers, the exploiter has the ability to use the cached username
 and/or password from the current user. On both Linux and Windows attackers, the
 exploiter uses all combinations of the [user-configured usernames and
-passwords]({{< ref "/usage/configuration/basic-credentials" >}}). Different
+passwords]({{< ref "/usage/configuration/basic-credentials" >}}), as well as
-combinations of credentials are attempted in the following order:
+and LM or NT hashes that have been collected. Different combinations of
+credentials are attempted in the following order:
 
 1. **Cached username and password (Windows attacker only)** - The exploiter will
    use the stored credentials of the current user to attempt to log into the
@@ -47,6 +48,16 @@ combinations of credentials are attempted in the following order:
    all combinations of usernames and passwords that were set in the
    [configuration.]({{< ref "/usage/configuration/basic-credentials" >}})
 
+1. **Brute force usernames and LM hashes** - The exploiter will attempt to use
+   all combinations of usernames that were set in the [configuration]({{< ref
+   "/usage/configuration/basic-credentials" >}}) and LM hashes that were
+   collected from any other victims.
+
+1. **Brute force usernames and NT hashes** - The exploiter will attempt to use
+   all combinations of usernames that were set in the [configuration]({{< ref
+   "/usage/configuration/basic-credentials" >}}) and NT hashes that were
+   collected from any other victims.
+
 
 #### Securing PowerShell Remoting