Date: Thu, 15 Nov 2012 23:25:24 +0100
From: magnum <>
Subject: Re: cracking passwords with a kerberos traffic dump

On 15 Nov, 2012, at 22:59 , buawig <> wrote:

> Hi,
> given a complete traffic dump from a client authenticating to a
> kerberos server (classical windows domain setup) it should be possible
> to perform offline dictionary attacks, right?
> Does john support that kind of attack?
> Is it limited to specific kerberos encryption types? (DES only?)
> I suppose tgtsnarf (which comes with john) is not an option if the KDC
> requires PREAUTH.
> Searching for a solution I found only:
> thanks in advance.

Unless I misunderstand the "windows domain" part of what you say above, you should use the mskrb5 format. Even though I am the author of that format I actually do not remember what tool would be best for converting a pcap file to a usable input file. Perhaps Cain does that. Or maybe I just copy/pasted stuff from Ethereal. Perhaps someone should write a pcap2mskrb5 tool...

