kerberos – Page 9 – WindowsTechs.com

Bruteforcing via port 88 on MacOS

Posted on June 12, 2019 by user210038

Macos has open port 88 by default. Is it possible to check validity of the password via this port from Linux and how?
If the vncserver is active, it is possible to know also the username (by connecting to it with vncviewer) what would make… Continue reading Bruteforcing via port 88 on MacOS→

How much time is needed for bruteforce kerberos/ntlm?

Posted on June 8, 2019 by user2679290

My question is simply how much time an attacker needs for full bruteforce on typical complexity password policy given either
kerberos ticket/ as req or
Ntlm transaction.

This depends on the algorithm used (rc4/aes).
Assum… Continue reading How much time is needed for bruteforce kerberos/ntlm?→

In Kerberos authentication protocol, why is the TGT encrypted using the user’s key Ka?

Posted on May 5, 2019 by Jay Parekh

When the user first logs in, he fetches his TGT from the KDC along with the session key. I get why Sa (session key) is encrypted with Ka (user’s key). But why is TGT also encrypted with Ka. TGT is already pretty unbreakable o… Continue reading In Kerberos authentication protocol, why is the TGT encrypted using the user’s key Ka?→

How to retrieve Kerberos Service tickets?

Posted on May 1, 2019 by Utkarsh Agrawal

I am learning Kerberoasting see below are my steps that I am following.

Step:1. Attacker will find the SPN’s
Step:2. After identifying we will request for TGS for that SPN. This is the script for that.

Add-Type -AssemblyName System.Ident… Continue reading How to retrieve Kerberos Service tickets?→

What is possible with a non-administrative users Ticket Granting Ticket and/or NTLM hash?

Posted on April 26, 2019 by n00b

During a penetration test, if a users NTLM hash or a valid Kerberos TGT is compromised, what attacks are possible if the user is not an administrator on any (in scope) workstations? For instance, it is possible to access (non… Continue reading What is possible with a non-administrative users Ticket Granting Ticket and/or NTLM hash?→

Is there a replay cache in Kerberos 4?

Posted on April 21, 2019 by Caffeine

Does Kerberos version 4 support replay cache like in V5 – a cache that prevents replay attacks which occur within the clock skew, so the TGS knows a duplicate packet has arrived ?

Continue reading Is there a replay cache in Kerberos 4?→

Kerberos replay attack within allowed range – authenticator won’t prevent it?

Posted on April 20, 2019 by caffein

In kerberos protocol the client, after receiving a ticket to the TGS server, sends a request to the TGS and adds an authenticator to the request.

What if an attacker performs a replay attack within the allowed clock skew, so… Continue reading Kerberos replay attack within allowed range – authenticator won’t prevent it?→

Microsoft’s Latest Patch Hoses Some Antivirus Software

Posted on April 19, 2019 by Tom Spring

McAfee, Sophos and Avast are among the antivirus software suites impacted. Continue reading Microsoft’s Latest Patch Hoses Some Antivirus Software→

Use Kerberos Golden Ticket with Metasploit

Posted on March 28, 2019 by user1330734

Having compromised a domain controller during testing, I now wish to create persistent domain admin access. Also, operational security is important for me as I don’t want to be logging into netowkr hosts using domain admin cr… Continue reading Use Kerberos Golden Ticket with Metasploit→

Why Realm_tgs is needed in Kerberos v5 Protocol? (Step 2)

Posted on March 27, 2019 by MD4tw

In msg.2 the AS sends Realm_c, ID_c Ticket_tgs, K_c-tgs, times, N1, Real_tgs, ID_tgs encrypted with E_k_c.
I can’t understand why Real_tgs is included if AS and TGS are on the same machine.

Continue reading Why Realm_tgs is needed in Kerberos v5 Protocol? (Step 2)→