Hello Greg and all,

I have the krbtgt password now. I reset the password, using a manually entered one (beauty of a lab).

I want to create a TGT in ASN.1 format. I have a tool that creates custom tickets for Windows (Metasploit); it takes three parameters:

1- RC4 hash of the krbtgt password
2- domain SID, or security identifier
3- principal name

My questions are:

1- Are there structural differences between MS tickets and MIT tickets? I tried putting a Windows Kerberos ticket in /tmp/ after renaming it and got a format error when I ran klist.
2- By putting the ticket in the client's /tmp/, am I properly injecting it into the cache?
3- If there are differences in ASN.1 formatting, what's the best way to modify the ticket to ensure compatibility?
4- Is it trivial to create a Kerberos ticket from scratch, given that I have all principal secrets?

Thanks!

________________________________
From: Greg Hudson <ghud...@mit.edu>
Sent: 19/01/2015 01:17 PM
To: zara...@live.com; kerberos@mit.edu
Subject: Re: NT hashes in krb5

On 01/19/2015 02:24 AM, Zaid Arafeh wrote:
> If I have the K/M key (which is in the database) and I have the password
> for the master key, would that make extracting hashes from the database
> easier?

It is possible but not convenient; you would have to write code to do the decryption.

> I looked at the keytab file (thanks), unfortunately keytab files usually
> don't store the krbtgt key (which is what I am looking for)

Nothing stops you from extracting a krbtgt key to a keytab. It is true that people do not usually store krbtgt keys in keytabs--but krbtgt keys are also not normally NT hashes; they are normally random and do not correspond to any password.

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
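An added example, not code from the thread, from MIT krb5 or from Metasploit: the ASN.1 Ticket itself is the same RFC 4120 structure on Windows and on MIT, so a format error from klist on a ticket copied into /tmp/ is most likely about the container rather than the ticket. Windows-side tools commonly export a KRB-CRED (.kirbi) or a bare Ticket, while MIT klist reads the credential cache format (FILE ccache, by default /tmp/krb5cc_<uid>, or whatever KRB5CCNAME names), a binary layout in which the DER ticket is one opaque length-counted field. The Python below recognizes which of the two a file is from its first bytes, builds a syntactically valid DER Ticket whose enc-part is filler rather than a real encryption, wraps it in a minimal version-4 ccache, and parses that ccache back. Realm, principal names, enctype 23, the session key bytes, the timestamps and the ticket-flag word are all constructed values chosen for illustration.

```python
# Added example: is this file an MIT FILE ccache or a bare RFC 4120 DER blob, and how
# does a DER Ticket get wrapped into a minimal v4 ccache? All inputs are constructed.
import struct

APP_TAGS = {0x61: "Ticket", 0x6B: "AS-REP", 0x6D: "TGS-REP", 0x76: "KRB-CRED"}  # 0x60 | n

def classify(blob: bytes) -> str:
    """'ccache-vN' for an MIT FILE ccache (starts 0x05 0x0N); the RFC 4120 type
    for a bare DER structure (a .kirbi export is KRB-CRED); else 'unknown'."""
    if len(blob) >= 2 and blob[0] == 0x05 and 1 <= blob[1] <= 4:
        return f"ccache-v{blob[1]}"
    return APP_TAGS.get(blob[0], "unknown") if blob else "unknown"

# -- minimal DER encoder, enough for a syntactically valid Ticket --------------
def der(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def der_int(n: int) -> bytes:   # INTEGER; the extra byte keeps the sign bit clear
    return der(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def der_gs(s: str) -> bytes:    # GeneralString (universal tag 27)
    return der(0x1B, s.encode())

def build_ticket_der(realm, sname, enctype, kvno, cipher):
    """Ticket ::= [APPLICATION 1] SEQUENCE { tkt-vno [0], realm [1], sname [2], enc-part [3] }.
    The enc-part cipher is opaque filler here, not a real encryption."""
    name = der(0x30, der(0xA0, der_int(2)) + der(0xA1, der(0x30, b"".join(map(der_gs, sname)))))
    enc = der(0x30, der(0xA0, der_int(enctype)) + der(0xA1, der_int(kvno))
              + der(0xA2, der(0x04, cipher)))
    return der(0x61, der(0x30, der(0xA0, der_int(5)) + der(0xA1, der_gs(realm))
                         + der(0xA2, name) + der(0xA3, enc)))

# -- MIT FILE ccache, format version 4: big-endian integers, length-counted fields
def counted(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def principal(realm, components, name_type=1):   # 1 = KRB_NT_PRINCIPAL, 2 = KRB_NT_SRV_INST
    out = struct.pack(">II", name_type, len(components)) + counted(realm.encode())
    return out + b"".join(counted(c.encode()) for c in components)

def build_ccache(realm, client, service, enctype, session_key, ticket_der,
                 authtime, endtime, renew_till, flags=0x40E10000):
    """Header, default principal, then one credential. The flags default is an
    assumption: forwardable, renewable, initial, pre-authent, enc-pa-rep."""
    header = struct.pack(">HHII", 1, 8, 0, 0)       # tag 1 = DeltaTime, 0 s / 0 us
    out = b"\x05\x04" + struct.pack(">H", len(header)) + header + principal(realm, client)
    out += principal(realm, client) + principal(realm, service, 2)   # client, server
    out += struct.pack(">H", enctype) + counted(session_key)         # keyblock
    out += struct.pack(">IIII", authtime, authtime, endtime, renew_till)
    out += b"\x00" + struct.pack(">I", flags) + struct.pack(">II", 0, 0)  # is_skey, flags, 0 addrs, 0 authdata
    return out + counted(ticket_der) + counted(b"")  # ticket, second_ticket

class _Cursor:
    def __init__(self, buf):
        self.buf, self.pos = buf, 0
    def take(self, n):
        if self.pos + n > len(self.buf):
            raise ValueError("truncated ccache")
        self.pos += n
        return self.buf[self.pos - n:self.pos]
    def u(self, fmt):
        return struct.unpack(">" + fmt, self.take(struct.calcsize(fmt)))[0]
    def counted(self):
        return self.take(self.u("I"))
    def principal(self):
        self.u("I")                                  # name type, not needed for display
        n = self.u("I")
        realm = self.counted().decode()
        return "/".join(self.counted().decode() for _ in range(n)) + "@" + realm

def parse_ccache(blob: bytes) -> dict:
    """Read the first credential of a v4 FILE ccache; anything else is rejected up front."""
    kind = classify(blob)
    if kind != "ccache-v4":
        raise ValueError(f"not a v4 ccache (looks like {kind})")
    r = _Cursor(blob)
    r.take(2)
    r.take(r.u("H"))                                 # skip header tags
    default, client, server = r.principal(), r.principal(), r.principal()
    enctype, key = r.u("H"), r.counted()
    times = [r.u("I") for _ in range(4)]             # authtime, starttime, endtime, renew_till
    r.take(1)                                        # is_skey
    flags = r.u("I")
    for _section in ("addresses", "authdata"):       # each: count, then (type, counted data)
        for _ in range(r.u("I")):
            r.u("H")
            r.counted()
    ticket = r.counted()
    r.counted()                                      # second_ticket
    return {"default": default, "client": client, "server": server, "enctype": enctype,
            "key": key, "endtime": times[2], "flags": flags, "ticket": ticket}

def demo():
    """Constructed sample: a krbtgt 'ticket' for alice@EXAMPLE.COM wrapped in a ccache."""
    tkt = build_ticket_der("EXAMPLE.COM", ["krbtgt", "EXAMPLE.COM"], 23, 2, b"\xAA" * 32)
    cc = build_ccache("EXAMPLE.COM", ["alice"], ["krbtgt", "EXAMPLE.COM"], 23, b"\x11" * 16,
                      tkt, 1421625600, 1421661600, 1422230400)
    return tkt, cc
```

To inject, write the bytes returned by build_ccache to the path KRB5CCNAME points at (FILE:/tmp/krb5cc_<uid> by default) and run klist; klist -e shows the enctype field. The parser refuses anything but version 4 on purpose: versions 1 and 2 store integers in native byte order and version 3 repeats the enctype inside the keyblock, so reading them with this layout would silently misparse. Whether a service accepts the ticket is a separate matter that depends on the enc-part being genuinely encrypted under the krbtgt key, which this example does not do.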