Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 17 Nov 2012 00:13:03 +0100
From: buawig <buawig@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking passwords with a kerberos traffic dump
 / aes256-cts-hmac-sha1-96 (18)

[I try to answer all previous emails in this single email]

> What is the value of "Encryption type" when you view the AS-REQ
> packet in Wireshark?
> 
> On my setup (which is using default values) it is 18 
> (aes256-cts-hmac-sha1-96 is being used).

Yes, I noticed it too, it is aes256-cts-hmac-sha1-96 (18), which is
probably why Cain is not able to extract ENC_TIMESTAMP from AS-REQ.

So a passive attacker would have to deal with that kind of encryption
type. An active attacker can 'tell' the client to use a weaker
encryption type that would be a lot faster to crack (downgrade attack[1]).
I haven't seen any tools that would do that out of the box though.
My win7 client even lists des-cbc-md5 (3) in his supported enc types.

Nonetheless it would be great to see an implementation for
enc type 18 / aes256-cts-hmac-sha1-96 (from a traffic capture).

[1]
http://media.blackhat.com/bh-us-10/whitepapers/Stender_Engel_Hill/BlackHat-USA-2010-Stender-Engel-Hill-Attacking-Kerberos-Deployments-wp.pdf

> That reminds me of our recent (currently only in git) krb5-18 format
> submitted by Camille Mougey. You need to uncomment HAVE_KRB5 in
> Makefile to build it (and you need libkrb5-dev installed).

When looking for something that can handle enc type 18 I stumbled also
on it:
http://www.openwall.com/lists/john-dev/2012/09/06/3

> Apparently both these would attack a dumped realm database though -
> not sniffed data.

Ok, this probably explains why my value has 112 chars and krb5-18_fmt.c
expects 64.

>> I loaded the pcap file into cain but nothing showed up in the MS
>> Kerberos5 PreAuth section.
> 
> But you did sniff a windows client logging on to the Microsoft AD, or did you not?

Yes, correctly (windows client AD auth.).

> Here's an article that I referenced in the mskrb5 source code:
> http://www.securiteam.com/windowsntfocus/5BP0H0A6KM.html

Since I learned that john's best documentation (expected file format for
specific hash types) is found in it's .c files I always have a look at
them and saw that URL, this was also the moment when I was wondering if
mskrb5 might only apply for older windows versions - which is the case
as we know now (at least without performing an active downgrade attack).

Thank you for your help and numerous answers, looking forward to see
krb5-18-traffic_fmt.c ;)

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.