man in the middle on MIT kerberos

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Feb 27 14:27:14 EST 2009

On Fri, Feb 27, 2009 at 11:08:02AM -0800, Paul Moore wrote:
> my question would be - what are you trying to do?
> Maybe you need delegation and forwarding rather than man in the middle
> you need the target servers password hash
> AD knows this - you can get at this data with pwdumpn (n=1,2,3,4,5,6)
> (warning - heavy lifting)
> The target server knows this too - u can probably attack it in the same
> way

Newer Samba "net rpc vampire" tools can extract the server
hashes from AD.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the krbdev mailing list