[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Kerberos login sniffer and cracker for Windows 2000/XP



Aloha, Arne.

Where can we find the source code for kerbcrack?

It may be useful to point out that Internet Explorer 5.0 and later support
Kerberos authentication by way of a Negotiate WWW-Authenticate header that
is always sent by IIS paired with a classic NTLM WWW-Authenticate header. IE
sends BOTH NTLM and Kerberos authorization data back to IIS, letting it pick
the one it prefers to use.

Kerbcrack points out the need for IPSec to be used in conjunction with
Kerberos, but lazy client implementations that can't be forced to stop using
older less-secure authentication methods concurrently with Kerberos are also
an ongoing problem.

Sincerely,

Jason Coombs
jasonc@xxxxxxxxxxx

-----Original Message-----
From: Arne Vidstrom [mailto:arne.vidstrom@xxxxxxxxxxxxx]
Sent: Wednesday, November 27, 2002 8:06 PM
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Kerberos login sniffer and cracker for Windows 2000/XP


Hi all,

I've coded a simple Kerberos login sniffer and cracker for Windows 2000/XP
that you might find useful. You can find it for download at:

http://ntsecurity.nu/toolbox/kerbcrack/

Regards /Arne