hashcat Forum

How krb5tgs actually works? (Mathematically)
Hey, I am learning about Kerberos.

I know that the krb5tgs module can try to crack the Kerberos AS-REP client-kdc session key encrypted with the user NT hash, and it can try to crack the Kerberos TGS-REP service ticket encrypted with the service account NT hash.

What I am curious about is what logic is made to crack these values.
If in the AS-REP the generated client-kdc session key is unknown and it is encrypted with the user's NT hash, which is also unknown, then how is it crackable? What kind of comparison is made?


Thanks
Hey, in case someone knows, I am still looking for that answer. Thanks