I was wondering about what might be wrong here:
I was trying to get the NTLM hashes from another test computer in my switched LAN.
Started Cain ( www.oxid.it ) Enabled ARP poison routing, got to the other computer to log on to the computer running Cain. Then checked Cain, yes it sniffed SMB-actions. Imported the hashes to the cracker, but all the passwords where "empty". Noticed that these logons where logged on as Guest. Darn.. So I changed the Guest account password. And tried again. This time the logon attempts where Failed. And I got new hashes, but again the pass. where "empty".
The reason why I tried the above was that I have been told that windows will try the logged in user as an final attempt to access network shares on another computer..

Anyone who figures out what went wrong in my attempt?