I just received an e-mail from NTBUGTRAQ regarding a utility someone wrote which will sniff out Kerberos passwords on the wire and crack them using a standard dictionary crack. Here's the URL: http://ntsecurity.nu/toolbox/kerbcrack/. I'm not sure if it works, as I have not tried it. I'm still having trouble wrapping my head around the idea since the password, not even a hashed version of the password, is never sent across the wire during a Kerberos authentication request. I could be wrong. I'll have to look it up. I'm just having trouble figuring this out since Kerberos was created to prevent password sniffing.
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
