Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 15 Nov 2012 22:59:49 +0100
From: buawig <>
Subject: cracking passwords with a kerberos traffic dump


given an complete traffic dump from a client authenticating to a
kerberos server (classical windows domain setup) it should be possible
to perform offline dictionary attacks, right?

Does john support that kind of attack?
Is it limited to specific kerberos encryption types? (DES only?)

I suppose tgtsnarf (which comes with john) is not an option if the KDC
requires PREAUTH.

Seaching for a solution I found only:

thanks in advance.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.