Getting passwords when Kerberos pre-auth IS enabled

edited February 2020 in Exploits

After getting a lot of positive feedback on my video about how GetNPUsers.py takes advantage of Kerberos pre-auth being disabled, I thought I'd take a look at an attack path we can use when pre-auth is not disabled.

It does require you to have a network packet capture of a legit authentication request from the machine, but I still think it's worth knowing about, so I wrote a blog post on it here:
https://vbscrub.video.blog/2020/02/27/getting-passwords-from-kerberos-pre-authentication-packets/

EDIT: Just uploaded a video on this topic as well:
