Date: Sat, 17 Nov 2012 00:13:03 +0100
From: buawig <buawig@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking passwords with a kerberos traffic dump / aes256-cts-hmac-sha1-96 (18)

[I try to answer all previous emails in this single email]

> What is the value of "Encryption type" when you view the AS-REQ
> packet in Wireshark?
>
> On my setup (which is using default values) it is 18
> (aes256-cts-hmac-sha1-96 is being used).

Yes, I noticed it too, it is aes256-cts-hmac-sha1-96 (18), which is probably why Cain is not able to extract ENC_TIMESTAMP from AS-REQ. So a passive attacker would have to deal with that kind of encryption type. An active attacker can 'tell' the client to use a weaker encryption type that would be a lot faster to crack (downgrade attack). I haven't seen any tools that would do that out of the box though. My win7 client even lists des-cbc-md5 (3) in its supported enc types. Nonetheless it would be great to see an implementation for enc type 18 / aes256-cts-hmac-sha1-96 (from a traffic capture).

http://media.blackhat.com/bh-us-10/whitepapers/Stender_Engel_Hill/BlackHat-USA-2010-Stender-Engel-Hill-Attacking-Kerberos-Deployments-wp.pdf

> That reminds me of our recent (currently only in git) krb5-18 format
> submitted by Camille Mougey. You need to uncomment HAVE_KRB5 in
> Makefile to build it (and you need libkrb5-dev installed).

When looking for something that can handle enc type 18 I also stumbled on it:
http://www.openwall.com/lists/john-dev/2012/09/06/3

> Apparently both these would attack a dumped realm database though -
> not sniffed data.

Ok, this probably explains why my value has 112 chars and krb5-18_fmt.c expects 64.

>> I loaded the pcap file into cain but nothing showed up in the MS
>> Kerberos5 PreAuth section.
>
> But you did sniff a windows client logging on to the Microsoft AD, or did you not?

Yes, correctly (windows client AD auth.).

> Here's an article that I referenced in the mskrb5 source code:
> http://www.securiteam.com/windowsntfocus/5BP0H0A6KM.html

Since I learned that john's best documentation (expected file format for specific hash types) is found in its .c files, I always have a look at them and saw that URL; this was also the moment when I was wondering if mskrb5 might only apply to older windows versions - which is the case as we know now (at least without performing an active downgrade attack).

Thank you for your help and numerous answers, looking forward to seeing krb5-18-traffic_fmt.c ;)
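Why enctype 18 is so much more expensive per guess than the des-cbc-md5 (3) the Windows client also advertises comes down to its string-to-key function (RFC 3962): the password is run through PBKDF2-HMAC-SHA1 (4096 iterations by default, salted with realm plus principal name) and the result is then passed through the RFC 3961 DK derivation to obtain the AES-256 key. Any cracker for captured AS-REQ pre-authentication has to repeat that whole derivation for every candidate password, which is the cost a downgrade to a weaker enctype removes. The following Go program is an added example, not code from this thread, from John the Ripper or from MIT Kerberos; it implements that derivation from the standard library only. The test vector (password "password", salt "ATHENA.MIT.EDUraeburn", iteration count 1) is the one in RFC 3962 Appendix B; the salt "EXAMPLE.COMalice" and the 128-bit n-fold constant of "kerberos" hardcoded below are, respectively, a constructed placeholder and a value computed from RFC 3961's n-fold definition.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// DefaultIterations is the RFC 3962 default PBKDF2 iteration count for the
// AES enctypes (aes128-cts-hmac-sha1-96 = 17, aes256-cts-hmac-sha1-96 = 18).
const DefaultIterations = 4096

// nfoldKerberos is the 128-bit n-fold (RFC 3961 section 5.1) of the ASCII
// string "kerberos", the constant used by DK for the protocol key.
// Computed by hand from the RFC definition for this example.
var nfoldKerberos = []byte{
	0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73,
	0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93,
}

// pbkdf2SHA1 implements PBKDF2 (RFC 2898) with HMAC-SHA1 as the PRF, the
// construction RFC 3962 mandates. Each output block costs iter HMAC
// computations, which is where the per-guess cost of enctype 18 comes from.
func pbkdf2SHA1(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha1.New, password)
	hLen := prf.Size()
	nBlocks := (keyLen + hLen - 1) / hLen
	out := make([]byte, 0, nBlocks*hLen)
	var idx [4]byte
	for i := 1; i <= nBlocks; i++ {
		binary.BigEndian.PutUint32(idx[:], uint32(i)) // INT(i), big-endian
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil) // U_1
		t := make([]byte, hLen)
		copy(t, u)
		for j := 1; j < iter; j++ { // U_2 .. U_iter, XOR-accumulated into T
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// dkAES256 is DK(tkey, "kerberos") for a 256-bit AES key (RFC 3961 DR/DK).
// With a single 16-byte input block, AES-CBC-CTS under a zero IV reduces to
// one raw AES block encryption, and the blocks are chained until 32 bytes of
// key material exist: K1 = E(tkey, nfold), K2 = E(tkey, K1).
func dkAES256(tkey []byte) []byte {
	block, err := aes.NewCipher(tkey) // 32-byte tkey selects AES-256
	if err != nil {
		panic(err)
	}
	key := make([]byte, 0, 32)
	in := nfoldKerberos
	for len(key) < 32 {
		out := make([]byte, aes.BlockSize)
		block.Encrypt(out, in)
		key = append(key, out...)
		in = out
	}
	return key[:32]
}

// stringToKeyAES256 is the full RFC 3962 string-to-key for enctype 18.
// The default salt is the realm name followed by the principal name
// components, e.g. "ATHENA.MIT.EDU" + "raeburn".
func stringToKeyAES256(password, salt string, iter int) []byte {
	tkey := pbkdf2SHA1([]byte(password), []byte(salt), iter, 32)
	return dkAES256(tkey)
}

func main() {
	// RFC 3962 Appendix B vector (iteration count 1, not the default).
	key := stringToKeyAES256("password", "ATHENA.MIT.EDUraeburn", 1)
	fmt.Println("RFC 3962 vector:", hex.EncodeToString(key))

	// Realistic cost: 4096 HMAC-SHA1 rounds per PBKDF2 block plus two AES
	// encryptions for every single password guess. Constructed salt.
	key = stringToKeyAES256("password", "EXAMPLE.COMalice", DefaultIterations)
	fmt.Println("default iterations:", hex.EncodeToString(key))
}
```

The derived key is what the client uses to encrypt PA-ENC-TIMESTAMP in the AS-REQ, so a verifier working from a capture needs one full derivation per candidate; the iteration count is the tunable that sets that cost, and it is also why a client advertising single-DES enctypes is worth auditing, since a forced downgrade swaps this derivation for a far cheaper one.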