Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 15 Nov 2012 22:59:49 +0100
From: buawig <buawig@...il.com>
To: john-users@...ts.openwall.com
Subject: cracking passwords with a kerberos traffic dump

Hi,

given an complete traffic dump from a client authenticating to a
kerberos server (classical windows domain setup) it should be possible
to perform offline dictionary attacks, right?

Does john support that kind of attack?
Is it limited to specific kerberos encryption types? (DES only?)

I suppose tgtsnarf (which comes with john) is not an option if the KDC
requires PREAUTH.

Seaching for a solution I found only:
http://www.openwall.com/lists/john-users/2010/06/21/1

thanks in advance.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.