Date: Fri, 16 Nov 2012 21:33:51 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-users@...ts.openwall.com Subject: Re: cracking passwords with a kerberos traffic dump On Fri, Nov 16, 2012 at 4:27 AM, buawig <buawig@...il.com> wrote: > I loaded the pcap file into cain but nothing showed up in the MS > Kerberos5 PreAuth section. > Yes, I inspected the pcap file with wireshark and in the AS-REP packet I > see the enc-part rc4-hmac but the actual value is a lot longer than the > sample in mskrb5_fmt_plug.c:24 > and I wouldn't know where I can find the 'checksum' value. What is the value of "Encryption type" when you view the AS-REQ packet in Wireshark? On my setup (which is using default values) it is 18 (aes256-cts-hmac-sha1-96 is being used). We might need to implement http://www.packetizer.com/rfc/rfc3962/ in JtR. -- Cheers, Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.