Date: Fri, 16 Nov 2012 21:33:51 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking passwords with a kerberos traffic dump

On Fri, Nov 16, 2012 at 4:27 AM, buawig <buawig@...il.com> wrote:
> I loaded the pcap file into cain but nothing showed up in the MS
> Kerberos5 PreAuth section.
> Yes, I inspected the pcap file with wireshark and in the AS-REP packet I
> see the enc-part rc4-hmac but the actual value is a lot longer than the
> sample in mskrb5_fmt_plug.c:24
> and I wouldn't know where I can find the 'checksum' value.

What is the value of "Encryption type" when you view the AS-REQ packet
in Wireshark?

On my setup (which is using default values) it is 18
(aes256-cts-hmac-sha1-96 is being used).

We might need to implement http://www.packetizer.com/rfc/rfc3962/ in JtR.

-- 
Cheers,
Dhiru
