lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: hvl at telefonica.de (Holger van Lengerich (Telefónica Deutschland))
Subject: Decrypting a kerberos master database

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

> I'm looking for information on decrypting a kerberos database.  Basically, I
> want to follow the steps a hacker would use to obtain passwords in the event of
> a root compromise of a master KDC.  Googling doesn't seem to turn up much, but
> maybe I'm not entering in the right keywords...

As this is specific to the Kerberos implementation, there is no one way.

Attacking MIT Kerberos and Heimdal, it is possible to dump and modify the
Database with "kadmin.local". -> RTFM or use the source. ;)

Holger

- --
  Holger van Lengerich, Dipl.-Inf., GCIA       Telef?nica Deutschland GmbH
  Security Manager                                http://www.telefonica.de
  GPG Key fingerprint = 2475 FB34 7AD6 60B3 E902  5B83 47D0 3FED 84EA 8E05

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAYVKpR9A/7YTqjgURAjq0AJ9L7keoYnSqzlMk2f1qH9ozGC7g8ACfcVBt
bvOsFIrbX3GS4mLQfNs3LYE=
=sknD
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists