Date: Fri, 16 Nov 2012 18:23:13 -0500 From: Rich Rumble <richrumble@...il.com> To: john-users@...ts.openwall.com Subject: Re: cracking passwords with a kerberos traffic dump / aes256-cts-hmac-sha1-96 (18) On Fri, Nov 16, 2012 at 6:13 PM, buawig <buawig@...il.com> wrote: > Yes, I noticed it too, it is aes256-cts-hmac-sha1-96 (18), which is > probably why Cain is not able to extract ENC_TIMESTAMP from AS-REQ. I'm not sure if it's been updated (since 2005), but there was a tool called kerbcrack and kerbsniff (their source was/is not available), it used to work very well at sniffing the pre-auth. I haven't tried it in a few years: http://ntsecurity.nu/toolbox/kerbcrack/ Might "sniff along" side that tool and see if you can hammer out any further details. I wish I had more to offer. -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.