
Questions tagged [kerberos]

Kerberos is a network authentication protocol designed to allow nodes, communicating over a non-secure network, to prove their identity to one another in a secure manner.

2 votes
0 answers
18 views

Why is presence of SPN on an account causing Kerberos "failed to decrypt" error (KRB_AP_ERR_MODIFIED)

I am in a corporate environment with on-premises AD on the company.com domain. We have an AWS VPC hosting some .Net APIs in IIS - the domain these are in is companycloud.com. These APIs are all on the ...
El Ronnoco
1 vote
1 answer
24 views

Opening PowerShell (PS) session with STs

I am solving TryHackMe > Exploiting Active Directory > Task 3. At the very end, how is the new PowerShell session opening with the dumped Service Tickets (STs)? He typed this command... PS> New-...
Aryan
  • 61
2 votes
2 answers
37 views

Is Kerberos Constrained Delegation (KCD) deprecated?

Referred to the official Microsoft documentation on KCD where they are using the terms KCD & Resource Based Constrained Delegation (RBCD) almost interchangeably which got me confused. They have ...
Aryan
  • 61
0 votes
1 answer
43 views

In Kerberos, is the "Authentication Server" the only "Trusted Third Party"? Or is "Ticket Granting Server" also a "Trusted Third Party"?

I know that AS (Authentication Server) is a TTP (Trusted Third Party) because it generates keys for two entities (for the client and the TGS). But what about TGS (Ticket Granting Server)? It also ...
allexj
  • 129
1 vote
0 answers
58 views

Why can't a user who is accessing the service on their own behalf find the "long term" keys to decrypt the service ticket and have to use U2U?

I started to study how the U2U mechanism works and got confused. The gist is as follows. When we use U2U the service ticket will be encrypted with the session key KDC of the user-"server". ...
Deoni Deon
1 vote
0 answers
81 views

Hashed Password Kerberos PKDF2 AES - ActiveDirectory [closed]

I know that in Active Directory environments passwords are stored in the form of hashes depending on encryption types used in the environment. I understand also that when using AES as a symmetric ...
Matías Huartamendía
1 vote
0 answers
69 views

SPNEGO-based Kerberos authentication: Should I create a new security context using `gss_init_sec_context` for every request?

I'm implementing SPNEGO-based Kerberos authentication for a Linux client application for authenticating requests to a Windows IIS server. I've read RFC4559, which describes how authentication should ...
Shuzheng
  • 1,267
0 votes
1 answer
192 views

Shadow Credentials attack with TGT and TGS

I am trying to replicate Shadow Credentials attack in Active Directory environment. My initial approach was to: Use Whisker to create a new certificate on behalf of DC (successful): Whisker.exe add /...
Teodor Cristian
0 votes
1 answer
152 views

How to mitigate spoofing, keylogging password, stealing public key with smart card with external/internal smart card reader?

Here is my thought process: I want to use smartcards without passwords for my setup. We don't want to use Iris or fingerprint or voice. I only want to put in the card whenever something needs to ...
user300431
1 vote
1 answer
279 views

Oracle Kerberos authentication on Linux host with SSSD

I have Linux servers which are members of AD domain, running the SSSD daemon. SSSD is "Kerberized" and I also do want to use Kerberos for Oracle db authentication. NOTE: this is not purely about ...
ibre5041
3 votes
2 answers
2k views

Kerberos - NTLM Password Hashes - Questions!

I have worked as a system administrator mainly on Windows Server for some years now. Over the course of time I've always had a hard time trying to fully understand how Kerberos works. For about 3 weeks ...
Matías Huartamendía
2 votes
1 answer
117 views

kerberoasting on a standard user domain account

Kerberoasting is an attack against domain service accounts. I have a custom Windows service written in C#. This service is running on a Windows server. This server is a member of the Active Directory ...
Bob5421
  • 51
0 votes
1 answer
668 views

How is a Windows Active Directory Machine Account Password stored in Windows/Samba Clients?

It's said that a Windows Machine Account Password is usually composed of 120 characters in UTF-16-LE format. But when looking at the value stored in the Windows Registry under HKLM\SECURITY\Policy\...
thomas
  • 101
1 vote
1 answer
1k views

Why do I see LM hashes stored in Active Directory?

I'm using mimikatz to retrieve a user's password hashes from Active Directory with the following command: lsadump::dcsync /user:mimikatz The user's password is Pa55w.rd. The output is ... Credentials:...
Daniel
  • 364
0 votes
1 answer
131 views

How can a client safely post/get a (symmetric) client key to/from a key distribution center?

If you look at the above Kerberos protocol's diagram, you can find that the protocol works on the basis that the (symmetric) client key initially exists on both the client node and the key ...
hurryman2212
