enum4linux-ng icon indicating copy to clipboard operation
enum4linux-ng copied to clipboard
verified publisher icon cddmp

Kerberos authentication does not seem to work

Open kqdssheng opened this issue 5 months ago • 4 comments

(1)Configure /etc/resolv.conf to be the IP address of the domain controller. (2)Next, is the command to use it like this: enum4linux-ng -u user -K user@[email protected] -A dc2012.test.com

This ticket was generated using this command:impacket-getST -dc-ip 192.168.1.1 -spn cifs/dc2012.test.com test.com/user:'pass@123'

Is there something wrong with what I'm doing and why I can't enumerate it successfully?

Image

kqdssheng avatar Sep 22 '25 11:09 kqdssheng

Thank you for opening this issue. Let's try some things to debug this:

  1. What are the permissions of the .ccache file and which version of enum4linux-ng are you running? In the most recent release I had added a check which checks ticket files for proper permissions. If the permissions are not correct the underlying samba tool command will fail.
  2. Is the ticket you use valid (use klist to test)?
  3. Could you put the ticket name into single quotes ('user@[email protected]') or rename the ccache file (e.g., test.ccache) and try again (just in case we have a weird shell issue here handling the '@' character in a certain unintended way).
  4. Run enum4linux-ng with the -v and --keep option. It will then print out the full command line it runs under the hood. Please take this command line, run it separately and print the output here. Please redact your output if necessary!

cddmp avatar Sep 22 '25 13:09 cddmp

(1)the permissions of the .ccache file is 600,enum4linux-ng version is latest(v1.3.5). (2)ticket is valid.I tested it with the tool impacket-psexec and it's fine. (3)it still doesn't work (4)below image

Image

kqdssheng avatar Sep 23 '25 02:09 kqdssheng

Can you run the smbclient command it prints out manually and post the output here? smbclient --use-krb5-ccache admin.ccache -s /tmp/tmpzclqz_1u -t 5 -c help '//dc2012.example.com/ipc$'

Btw. this time you ran in a timeout as it says timed out. You can increase the timeout, but this might not help as it also did not work before.

cddmp avatar Sep 23 '25 06:09 cddmp

I did some testing on my own. Indeed, at least recent versions of smbclient gave me trouble setting up a connection with Kerberos authentication. This needs investigation, I will therefore leave this issue open.

cddmp avatar Oct 01 '25 07:10 cddmp