Date: Thu, 15 Nov 2012 23:57:47 +0100 From: buawig <buawig@...il.com> To: john-users@...ts.openwall.com Subject: Re: cracking passwords with a kerberos traffic dump Hi magnum, thanks for your fast reply! > Unless I misunderstand the "windows domain" part of what you say > above, you should use the mskrb5 format. > Even though I am the author > of that format I actually do not remember what tool would be best for > converting a pcap file to a usable input file. Perhaps Cain does > that. I loaded the pcap file into cain but nothing showed up in the MS Kerberos5 PreAuth section. > Or maybe I just copy/pasted stuff from Ethereal. Yes, I inspected the pcap file with wireshark and in the AS-REP packet I see the enc-part rc4-hmac but the actual value is a lot longer than the sample in mskrb5_fmt_plug.c:24 and I wouldn't know where I can find the 'checksum' value. > Perhaps > someone should write a pcap2mskrb5 tool... That would be awesome :)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.