Attacks on Kerberos V
Kimmo Kasslin
kimmo.kasslin@hut.fi
Antti Tikkanen
antti.tikkanen@hut.fi
PRESENTATION SLIDES FROM SEC04 (Yliopistojen tietoturvapäivät, in Finnish)
- Kerberos V ja toistohyökkäykset (PDF) (PPT)
PAPER PRESENTED AT THE AUSTRALIAN INFORMATION WARFARE & IT SECURITY
2004
- Kerberos V Security: Replay Attacks (pdf)
SEMINAR PAPER
- Attacks on Kerberos V in a Windows 2000 Environment (pdf)
VULNERABILITY REPORTS
- Hijacking a Network Connection on a Switched Network (pdf)
- Password Attack on Kerberos V and Windows 2000 (pdf)
- Replay Attack on Kerberos V and SMB (pdf)
- Replay Attack on Kerberos V and LDAPv3 (pdf)
TOOLS CREATED DURING THE PROJECT
The tools will be published after we have completed further research of this subject.
- tool for sniffing KRB5_AS_REQ packets
- tool for cracking preauthentication data in captured KRB5_AS_REQ packets
- tool for capturing security blobs from SMB connections
- tool for capturing security blobs from LDAP connections
- patch against Samba-3.0-alpha23 to use captured security blobs for authentication
ADDITIONAL DOCUMENTS