Steve Syfuhs
It's not entirely clear what you're trying to accomplish. You're requesting a ticket to the current host. Is _ComputerB_ the current host? If the current host is not ComputerB then...
There are two mechanisms built into the Kerberos protocol for that. First is the session key. Both the client and server know the key, so you can use it as...
Yes, you need local admin rights to read the machine secret.
No, the issue is that the secret coming out of LSA Secrets is encrypted to non-system components. There is also an undocumented registry key you have to set to tell...
Because it's a developer tool used for troubleshooting issues, not for general purpose use. If you run it as system then it'll decode things correctly, or if you set the...
What is this value? > 01100800CCCCCCCC6000000000000000000002000100000001000000080008000400020028000000080002000400000000000000040000004E0054004C004D002800000000000000020000000000000000000000000000000000000040C4B290222052161E9628FC680ACE6B00000000 Is this the decrypted form of `PAC_CREDENTIAL_INFO.SerializedData`? Just eyeballing the bytes it looks like a fully formed RPC message. `01` = Version 1 `10`...
I see now. How are you getting `sessionKey`?
That's not the correct key. It's the DH session key. The point is to bind the NTLM key in such a way that it shows possession of the certificate's private...
Howdy folks. One of the Windows Kerberos owners here. Couple points. 1. This is not a security issue. More so, this is not a security issue in any of _our_ products....
> I would hope that Microsoft would take that into account when making changes to their implementation. To clarify my point, we did our due diligence against a wide swath of...