Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5b5b6b40c79a705dcf5065f51411f6b7@smtp.hushmail.com>
Date: Thu, 15 Nov 2012 23:25:24 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking passwords with a kerberos traffic dump

On 15 Nov, 2012, at 22:59 , buawig <buawig@...il.com> wrote:

> Hi,
> 
> given an complete traffic dump from a client authenticating to a
> kerberos server (classical windows domain setup) it should be possible
> to perform offline dictionary attacks, right?
> 
> Does john support that kind of attack?
> Is it limited to specific kerberos encryption types? (DES only?)
> 
> I suppose tgtsnarf (which comes with john) is not an option if the KDC
> requires PREAUTH.
> 
> Seaching for a solution I found only:
> http://www.openwall.com/lists/john-users/2010/06/21/1
> 
> thanks in advance.


Unless I misunderstand the "windows domain" part of what you say above, you should use the mskrb5 format. Even though I am the author of that format I actually do not remember what tool would be best for converting a pcap file to a usable input file. Perhaps Cain does that. Or maybe I just copy/pasted stuff from Ethereal. Perhaps someone should write a pcap2mskrb5 tool...

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.