Kerberos5 ticket to ascii converter?
ronnie sahlberg
ronniesahlberg at gmail.com
Tue Sep 30 11:55:21 EDT 2014
On Tue, Sep 30, 2014 at 8:25 AM, Wendy Lin <wendlin1974 at gmail.com> wrote:
> On 30 September 2014 15:25, Rick van Rein <rick at openfortress.nl> wrote:
>> Hi,
>>
>>>>> Does Kerberos5 have a ticket to ascii converter so someone can see
>>>>> what a ticket looks like in plain text?
>>>>
>>>> You might use any ASN.1 parser to see the structure, without it actually being spelled out in terms of the Kerberos field names.
>>>
>>> Is the file format of the ticket cache in ASN.1?
>>
>> That would depend on its implementation.
>
> MIT kerberos 1.12, DIR: cache
>
>> You asked for tickets ;-) which are defined in ASN.1 in the RFCs. I think the WireShark suggestion is better than mine, but it won’t do what you are asking.
>
> Why?
One reason is because most of the ticket are encrypted blobs. Without
decryption these blobs will just look like huge piles of random bytes,
so there is not really much interesting to see in the ticket.
If you want to look at the interesting parts of a ticket you really
want to decrypt these blobs.
Wireshark/tshark makes this process really easy since if you provide
it with a suitable keytab file it will automatically decrypt what it
can.
Drawback is that wireshark/tshark only works with captures files.
Good news though is that if you just have a ticket, and not a network trace,
you can with some crafting convert the ticket into a fake IP/UDP
packet containing the ticket as payloadand that feed that into
wireshark.
This is done using the editcap tool that comes with wireshark but it
requires knowledge about how to build fake ip and udp headers to
prepend to the ticket data, so it is not exactly trivial :-(
regards
ronnie sahlberg
More information about the Kerberos
mailing list