Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 17 Nov 2012 20:44:27 +0100
From: buawig <>
Subject: Re: cracking passwords with a kerberos traffic dump
 / aes256-cts-hmac-sha1-96 (18)

> Modifying Makefile is not necessary. Make sure you checkout
> "unstable-jumbo" branch (git checkout unstable-jumbo).
> The compilation errors are strange. Can you try the attached file
> (after deleting the old one)?

This one compiles thanks!

Unfortunately I was not able to crack a known password with it.
(although your test entry with password=openwall can be cracked)

I'm creating the john krb5ng input file like this:
tshark -r dumpfile -T fields -e kerberos.PA_ENC_TIMESTAMP.encrypted|sed
-e 's,:,,g'|grep .
which gives my the 112 hex characters string.
I split it into two parts  (88 chars $ 24 chars) and add krb5ng +
username + realm at the beginning of the line.

In my setup the username entered on the UI differs from the 'real'
username this can be seen in the kerberos.etype_info2.salt value which
shows the actual username + realm = salt (KRB5KDC_ERR_PREAUTH_REQUIRED
packet) - anyway I tried it with both versions.

Could you publish a sample pcap file including the john input file based
on that pcap file?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.