Kerberos Password Sniffing

res1ah2w res1ah2w at
Sat Nov 30 21:21:39 EST 2002

I just received an e-mail from NTBUGTRAQ regarding a utility someone wrote
which will sniff out Kerberos passwords on-the-wire and crack them using a
standard dictionary crack. Here's the URL I'm not sure if it works, as I have
not tried it. I'm still having trouble wrapping my head around the idea
since the password, not even a hashed version of the password, is never sent
across the wire during a Kerberos authentication request. I could be
wrong..I'll have to look it up. I'm just having trouble figuring this out
his since Kerberos was created to prevent password sniffing.

More information about the Kerberos mailing list