man in the middle on MIT kerberos

Paul Moore paul.moore at
Fri Feb 27 14:08:02 EST 2009

My question would be - what are you trying to do?
Maybe you need delegation and forwarding rather than man in the middle.

You need the target server's password hash.
AD knows this - you can get at this data with pwdumpn (n=1,2,3,4,5,6)
(warning - heavy lifting).
The target server knows this too - you can probably attack it in the same

-----Original Message-----
From: krbdev-bounces at [mailto:krbdev-bounces at] On Behalf
Of Nikhil Mishra
Sent: Thursday, February 26, 2009 4:21 AM
To: krbdev at
Subject: man in the middle on MIT kerberos 

Hi All,

I have been trying to do this for a long time but to no rescue
and so I will put it simply now.
Is it possible to create a man in the middle in a Kerberos environment?
I own admin privileges in all components of the traffic, i.e. (Windows
KDC, Windows-based application, Windows-based client).

I have a Linux box which I want to behave as man in the middle, so
basically I want to be able to decrypt AP-REQ from client.

I have tried all kinds of ways but everything boils down to one thing,
that is getting an authentic keytab from Windows KDC for the
There isn't one utility which does this for a Windows-based service, at
all I know of including ktpass.

Is this possible or have I been chasing a wild goose?

