Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 16 Nov 2012 18:23:13 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking passwords with a kerberos traffic dump /
 aes256-cts-hmac-sha1-96 (18)

On Fri, Nov 16, 2012 at 6:13 PM, buawig <buawig@...il.com> wrote:
> Yes, I noticed it too, it is aes256-cts-hmac-sha1-96 (18), which is
> probably why Cain is not able to extract ENC_TIMESTAMP from AS-REQ.
I'm not sure if it's been updated (since 2005), but there was a tool
called kerbcrack and kerbsniff (their source was/is not available), it
used to work very well at sniffing the pre-auth. I haven't tried it in
a few years: http://ntsecurity.nu/toolbox/kerbcrack/
Might "sniff along" side that tool and see if you can hammer out any
further details. I wish I had more to offer.
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.