Date: Thu, 15 Nov 2012 23:25:24 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking passwords with a kerberos traffic dump

On 15 Nov, 2012, at 22:59 , buawig <buawig@...il.com> wrote:
> Hi,
>
> given a complete traffic dump from a client authenticating to a
> kerberos server (classical windows domain setup) it should be possible
> to perform offline dictionary attacks, right?
>
> Does john support that kind of attack?
> Is it limited to specific kerberos encryption types? (DES only?)
>
> I suppose tgtsnarf (which comes with john) is not an option if the KDC
> requires PREAUTH.
>
> Searching for a solution I found only:
> http://www.openwall.com/lists/john-users/2010/06/21/1
>
> thanks in advance.

Unless I misunderstand the "windows domain" part of what you say above, you should use the mskrb5 format. Even though I am the author of that format I actually do not remember what tool would be best for converting a pcap file to a usable input file. Perhaps Cain does that. Or maybe I just copy/pasted stuff from Ethereal.

Perhaps someone should write a pcap2mskrb5 tool...

magnum