Getting passwords when kerberos pre-auth IS enabled

edited February 2020 in Exploits

After getting a lot of positive feedback on my video about how takes advantage of kerberos pre-auth being disabled, I thought I'd take a look at an attack path we can use when pre-auth is not disabled.

It does require you to have a network packet capture of a legit authentication request from the machine, but I still think its worth knowing about so I wrote a blog post on it here:

EDIT: Just uploaded a video on this topic as well:


Sign In to comment.