Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 18 Nov 2012 01:45:47 +0530
From: Dhiru Kholia <>
Subject: Re: cracking passwords with a kerberos traffic dump /
 aes256-cts-hmac-sha1-96 (18)

On Sun, Nov 18, 2012 at 1:14 AM, buawig <> wrote:
> Unfortunately I was not able to crack a known password with it.
> (although your test entry with password=openwall can be cracked)
> In my setup the username entered on the UI differs from the 'real'
> username this can be seen in the kerberos.etype_info2.salt value which
> shows the actual username + realm = salt (KRB5KDC_ERR_PREAUTH_REQUIRED
> packet) - anyway I tried it with both versions.
> Could you publish a sample pcap file including the john input file based
> on that pcap file?

Sure. Use and
see attached code.

I will upload this to the wiki later on.


View attachment "krb-ng_fmt_plug.c" of type "text/x-csrc" (14190 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.