Dhiru Kholia
Yes, this is very useful when you don't know the `cipher mode`. When the user knows that a single cipher was used, there is no need to try other `cipher...
I haven't seen any proof (or proof-of-concept) that doing this is possible. Also see my comments in PR https://github.com/magnumripper/JohnTheRipper/pull/2822.
@elitest Do you have any proof (or proof-of-concept) that `Kerberoasting` of TGS-REP messages which use etype 17 and 18 is technically possible? Have you considered the possibility that it might...
> One other issue specific to john, is that I believe john's TGS hash format will need to be modified or something as it doesn't specify which type of crypto...
Maybe @gentilkiwi, @pyrotek3, @Fist0urs, and @harmj0y have something to say on this topic (i.e. Kerberoasting of etype 17 and 18 "hashes" instead of etype 23). It seems that solving this...
@gentilkiwi Thanks for taking a look at this stuff! 👍 I have the `AES key derivation` part working as well [1]. The parts that I am missing are (1) how...
> Did you take a look in: https://www.ietf.org/rfc/rfc3962.txt?

Yes, we have already implemented this entire RFC in the `krb5pa-sha1_fmt_plug.c` and `krb5_asrep_fmt_plug.c` files. These plugins crack the various AS-REP messages which...
Here are some rough ideas on how further progress can be made. Please note that I am not sure if this approach is even correct. I suspect that Kerberos functionality...
@elitest Yes, that is correct. https://adsecurity.org/?p=2293 says, "The TGS is encrypted using the target service accounts’ NTLM password hash and sent to the user (TGS-REP)". This is what makes Kerberoasting...
So far no one has been able to prove that this task/technique is possible.