hashcat Forum
How krb5tgs actually works? (Mathematically) - Printable Version




How krb5tgs actually works? (Mathematically) - sia2000 - 05-10-2021

Hey, I am learning about Kerberos.

I know that the krb5tgs module can try to crack the Kerberos AS-REP client-kdc session key encrypted with the user NT hash, and it can try to crack the Kerberos TGS-REP service ticket encrypted with the service account NT hash.

What I am curious about is what logic is made to crack these values.
If in the AS-REP the generated client-kdc session key is unknown and it is encrypted with the user's NT hash, which is also unknown, then how is it crackable? What kind of comparison is made?


Thanks


RE: How krb5tgs actually works? (Mathematically) - sia2000 - 05-25-2021

Hey, in case someone knows, I am still looking for that answer. Thanks