[EMAIL PROTECTED] writes:
> Does anyone have a version of COPS that understands AFS ACLs?
No, but last week I made a few relatively straightforward
modifications to Crack 4.1f to get it to understand how to crack AFS
kerberos databases.
This crack attack requires physical access to the kaserver
database (/usr/afs/db/kaserver.DB0), and as such cannot be used to
construct a remote attack mechanism. This is purely a sysadmin tool.
A rather wonderful side effect of the nature of ka_StringToKey is that
the run will be several orders of magnitude faster than normal Crack
is. Reference: it took us 17 hours to do our cell (10k users vs. a
290kword dict), and with a new version of fcrypt I expect another 3x
speedup (machine was a Sparc IPX). You can run this "at will" and
experiment with dictionaries.
Pending a minor release agreement with Transarc (it contains a
small amount of unpublished header file defs), I will be publishing
this to the community at large.
dan
