Questions tagged [kerberos]
Kerberos is a network authentication protocol designed to allow nodes, communicating over a non-secure network, to prove their identity to one another in a secure manner.
170 questions
1 vote
1 answer
86 views
Kerberos Kinit: How is Diffie Hellman PKE with Ephemeral Keys Performed?
How is Diffie Hellman PKE with Ephemeral keys performed using Kerberos and KINIT? Has it been implemented yet in MIT or Heimdal Kerberos? I think it might be RFC 9528. I ask because I can't seem to ...
3 votes
1 answer
400 views
Kerberos: authenticating and securing with 'pkinit' vs 'kinit'? Different threats for each?
What is the threat vector comparison using 'pkinit' (public-key) vs 'kinit' (password hash) with Kerberos for authentication and distribution of session keys (CK)? On Unix OS? I'm finding the ...
0 votes
1 answer
104 views
Kerberos kinit password: what is it used for? Cryptographically?
Why is a password presented during 'kinit' to authenticate with Kerberos? Cryptographically? In this post the Kerberos protocol is described and it appears to use symmetric keys. Given that, I ...
3 votes
1 answer
207 views
How does Windows store interactive logon credentials in memory in a domain environment?
I’m trying to understand how a user’s domain credentials are stored in the LSASS (Local Security Authority Subsystem Service) process after performing an interactive logon, such as through RDP (Remote ...
3 votes
0 answers
194 views
Is the AS-REQ Kerberoast attack on AD a violation of Kerberos RFCs?
The new Kerberos AS-REQ-requested attack is somewhat different from a normal Kerberoast, in that instead of requesting a Service Ticket (for offline cracking) via a normal TGS-REQ, it's requested via ...
0 votes
2 answers
104 views
Playing with krlogin I found the connection to be in cleartext
Today I'm playing with Kerberos on an old Solaris 10 machine (I know support is ending, security, etc.; it's a local VM, used for testing and knowledge). I set up Kerberos on the Solaris 10 server, and I made rlogin ...
0 votes
0 answers
94 views
Administrator escalating to SYSTEM in the normal course of things
I am learning about interacting with Kerberos from a programming standpoint and have been recreating some of Rubeus's functions as a way of learning (because what better open source program is there ...
2 votes
0 answers
340 views
Why is the presence of an SPN on an account causing the Kerberos "failed to decrypt" error (KRB_AP_ERR_MODIFIED)?
I am in a corporate environment with on-premises AD on the company.com domain. We have an AWS VPC hosting some .Net APIs in IIS - the domain these are in is companycloud.com. These APIs are all on the ...
2 votes
1 answer
107 views
Opening PowerShell (PS) session with Service Tickets (STs)
I am solving TryHackMe > Exploiting Active Directory > Task 3. At the very last step, how is a new PowerShell session opened with the dumped STs? He typed this command... PS> New-PSSession -ComputerName ...
2 votes
2 answers
333 views
Is Kerberos Constrained Delegation (KCD) deprecated?
I referred to the official Microsoft documentation on KCD, where they use the terms KCD & Resource Based Constrained Delegation (RBCD) almost interchangeably, which got me confused. They have ...
0 votes
1 answer
100 views
In Kerberos, is the "Authentication Server" the only "Trusted Third Party"? Or is "Ticket Granting Server" also a "Trusted Third Party"?
I know that AS (Authentication Server) is a TTP (Trusted Third Party) because it generates keys for two entities (for the client and the TGS). But what about TGS (Ticket Granting Server)? It also ...
2 votes
1 answer
155 views
Why can't a user who is accessing the service on their own behalf find the "long term" keys to decrypt the service ticket and have to use U2U?
I started to study how the U2U mechanism works and got confused. The gist is as follows. When we use U2U the service ticket will be encrypted with the session key KDC of the user-"server". ...
1 vote
0 answers
123 views
Hashed Password Kerberos PBKDF2 AES - ActiveDirectory [closed]
I know that in Active Directory environments passwords are stored in the form of hashes depending on encryption types used in the environment. I understand also that when using AES as a symmetric ...
1 vote
0 answers
122 views
SPNEGO-based Kerberos authentication: Should I create a new security context using `gss_init_sec_context` for every request?
I'm implementing SPNEGO-based Kerberos authentication for a Linux client application for authenticating requests to a Windows IIS server. I've read RFC4559, which describes how authentication should ...
0 votes
1 answer
441 views
Shadow Credentials attack with TGT and TGS
I am trying to replicate the Shadow Credentials attack in an Active Directory environment. My initial approach was to: Use Whisker to create a new certificate on behalf of the DC (successful): Whisker.exe add /...