Kerberoasting-Attack / NTLM Hash cracking
#1
Hi all,

I just performed a few Kerberoasting Attacks in a lab and extracted the following RC4-HMAC Hash:

Code:
$krb5tgs$23$*svc_sql$kirk.enterprises$MSSQLSvc/SECOPS-LAB1-ADC.kirk.enterprises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

The password is a random 12 char with lower case, upper case and special chars. I played around with hashcat on a VM with 4 Tesla K80 and did not manage to bruteforce the password:
  • First try with 
    Code:
    hashcat -m 13100 hash.txt -o result.txt -O -w 3 -a 3
    did not result in a successful exfiltration of the password after 5d
  • Second try with 
    Code:
    hashcat -m 13100 hash.txt -o result.txt -O -w 3 -a 3 -i --increment-min=12 --increment-max=12
    showed that the password will be cracked after 177 yrs
Is there any way to optimize the bruteforce process for random passwords? And: is it possible to extract the NTLM hash only without cracking the password? Extracting the NTLM hash will be sufficient to perform "pass the hash"-attacks.


Thanks guys!
Tobi
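The hash in post #1 is a `$krb5tgs$23$` ticket, i.e. etype 23 (0x17, RC4-HMAC), which is what a domain controller logs in Security event 4769 when such a ticket is issued. The following is an added example, not code from the thread: it runs two common Kerberoasting detection heuristics over constructed 4769 records (field names follow the Windows 4769 schema; the values, the requester names and the threshold of three distinct service accounts are assumptions made for the sample). The mitigation it points at is the usual one: give service accounts AES keys (or use gMSAs) so RC4 tickets stop being issued for them.

```python
"""Added example (not from the thread): flag Kerberos TGS requests (Windows
Security event 4769) that look like Kerberoasting: RC4-HMAC (etype 0x17)
tickets for user service accounts, and one requester asking for many distinct
service accounts. All event records below are constructed sample data."""
from collections import defaultdict

# TicketEncryptionType values as logged in event 4769.
ETYPE_RC4_HMAC = 0x17          # the etype behind $krb5tgs$23$ hashes
AES_ETYPES = {0x11, 0x12}      # AES128 / AES256, not useful to a Kerberoaster

# Constructed sample 4769 events; in real logs TicketEncryptionType is the hex string "0x17".
SAMPLE_EVENTS = [
    {"TargetUserName": "alice@KIRK.ENTERPRISES", "ServiceName": "SECOPS-LAB1-ADC$",
     "TicketEncryptionType": 0x12, "IpAddress": "10.0.0.5"},
    {"TargetUserName": "tobi@KIRK.ENTERPRISES", "ServiceName": "svc_sql",
     "TicketEncryptionType": 0x17, "IpAddress": "10.0.0.77"},
    {"TargetUserName": "tobi@KIRK.ENTERPRISES", "ServiceName": "svc_web",
     "TicketEncryptionType": 0x17, "IpAddress": "10.0.0.77"},
    {"TargetUserName": "tobi@KIRK.ENTERPRISES", "ServiceName": "svc_backup",
     "TicketEncryptionType": 0x17, "IpAddress": "10.0.0.77"},
    {"TargetUserName": "bob@KIRK.ENTERPRISES", "ServiceName": "krbtgt",
     "TicketEncryptionType": 0x12, "IpAddress": "10.0.0.9"},
    {"TargetUserName": "bob@KIRK.ENTERPRISES", "ServiceName": "svc_sql",
     "TicketEncryptionType": 0x12, "IpAddress": "10.0.0.9"},
]


def is_user_service_account(service_name):
    """Machine accounts (trailing '$') and krbtgt have long random keys and are
    not Kerberoasting targets; everything else is a user account with an SPN."""
    return not service_name.endswith("$") and service_name.lower() != "krbtgt"


def rc4_service_ticket_requests(events):
    """Events where a user service account's ticket was issued with RC4-HMAC."""
    return [e for e in events
            if e["TicketEncryptionType"] == ETYPE_RC4_HMAC
            and is_user_service_account(e["ServiceName"])]


def bulk_spn_requesters(events, threshold=3):
    """Map (requester, source IP) -> set of distinct user service accounts it
    requested tickets for, keeping only requesters at or above `threshold`
    (a constructed cut-off; tune it to the environment)."""
    seen = defaultdict(set)
    for e in events:
        if is_user_service_account(e["ServiceName"]):
            seen[(e["TargetUserName"], e["IpAddress"])].add(e["ServiceName"])
    return {key: spns for key, spns in seen.items() if len(spns) >= threshold}


if __name__ == "__main__":
    for e in rc4_service_ticket_requests(SAMPLE_EVENTS):
        print(f"RC4 service ticket for {e['ServiceName']} issued to "
              f"{e['TargetUserName']} from {e['IpAddress']}")
    for (user, ip), spns in bulk_spn_requesters(SAMPLE_EVENTS).items():
        print(f"{user} from {ip} requested {len(spns)} distinct service accounts: {sorted(spns)}")
```

On the sample data the first heuristic fires three times (all for the same requester) and the second fires once; bob's AES request for `svc_sql` is not flagged by either, which is the point of the mitigation.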
#2
If you know for a fact that it's *truly* 12 random characters... then it's not crackable in a reasonable amount of time.

If you do the math:

https://www.wolframalpha.com/input/?i=(2...2B34)%5E12

... it should be immediately clear why.
~
#3
Moreover, why Tesla K80 ? GTX 2080 Ti are about 10x faster.
I'm not kerberos expert but I don't think you can 'extract' NTLM hash from a $krb5tgs hash.
#4
(08-04-2019, 08:12 PM)royce Wrote: If you know for a fact that it's *truly* 12 random characters... then it's not crackable in a reasonable amount of time.

If you do the math:

https://www.wolframalpha.com/input/?i=(2...2B34)%5E12

... it should be immediately clear why.

Thank you. I see the point, but how do you define "truly" random? I assume passwords generated by a browser password plugin are not truly random. But: how do you crack them, if you won't invest a huge effort? If there is no (easy) way, why would you use passwords with > 16 chars? (e.g. https://malicious.link/post/2017/05-06-2...c-numbers/)

(08-04-2019, 11:08 PM)Mem5 Wrote: Moreoever, why Tesla K80 ? GTX 2080 Ti are about 10x faster.
I'm not kerberos expert but I don't think you can 'extract' NTLM hash from a $krb5tgs hash.
I have > 5k USD free credit with azure for testing purposes :-)
OK, thanks for your feedback!
#5
(08-04-2019, 11:51 PM)SailingTobi Wrote: how do you define "truly" random? I assume passwords generated by a browser password plugin are not truly random.
They are random, but predictable.
Are you talking about Dashlane? If yes, the default password is 12 characters using 'just' letters and digits (no symbols).
So hashcat mask would be ?u?l?d.
New equation would be : https://www.wolframalpha.com/input/?i=(2...2B10)%5E12     still huge..
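Both royce (post #2) and Mem5 (post #5) answer by pointing at the keyspace arithmetic. The block below is an added example, not code from the thread or from hashcat: it parses hashcat mask syntax (built-in `?l ?u ?d ?s ?a ?h ?H`, custom charsets `-1` .. `-4`, `??` for a literal question mark) and works out the keyspace of a mask, optionally summed over an `--increment` range as in the second command of post #1, then converts it into a worst-case time at a given speed. The hash rate in the usage line is a constructed placeholder, not a measured krb5tgs figure for any card.

```python
"""Added example (not from the thread): keyspace of a hashcat brute-force mask
and the worst-case time to exhaust it at a given hash rate."""
import string

# hashcat's built-in charsets; ?s is the 33 printable ASCII symbols incl. space.
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,
    "h": "0123456789abcdef",
    "H": "0123456789ABCDEF",
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]  # 95 chars
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expand_charset(spec, custom=None):
    """Expand a charset string such as '?u?l?d' or 'abc?d' into the set of
    characters it covers. `custom` maps '1'..'4' to the -1 .. -4 definitions."""
    custom = custom or {}
    chars, i = set(), 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            tag = spec[i + 1]
            if tag == "?":
                chars.add("?")
            elif tag in BUILTIN:
                chars.update(BUILTIN[tag])
            elif tag in custom:
                chars.update(expand_charset(custom[tag]))
            else:
                raise ValueError(f"unknown charset ?{tag}")
            i += 2
        else:
            chars.add(spec[i])  # literal character, one candidate
            i += 1
    return chars


def mask_positions(mask, custom=None):
    """Per-position charset sizes of a mask, e.g. '?1?1?1' -> [62, 62, 62]."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            sizes.append(len(expand_charset(mask[i:i + 2], custom)))
            i += 2
        else:
            sizes.append(1)
            i += 1
    return sizes


def mask_keyspace(mask, custom=None, increment=None):
    """Number of candidates the mask produces. With increment=(min, max) the
    keyspaces of every prefix length in that range are summed, as -i does."""
    sizes = mask_positions(mask, custom)
    lengths = [len(sizes)] if increment is None else range(increment[0], increment[1] + 1)
    total = 0
    for n in lengths:
        if n > len(sizes):
            break
        product = 1
        for size in sizes[:n]:
            product *= size
        total += product
    return total


def years_to_exhaust(keyspace, hashes_per_second):
    """Worst-case time to try every candidate at the given speed, in years."""
    return keyspace / hashes_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Mem5's case: 12 characters drawn from ?u?l?d, i.e. `-1 ?u?l?d` and twelve ?1.
    custom = {"1": "?u?l?d"}
    keyspace = mask_keyspace("?1" * 12, custom)
    rate = 1e9  # constructed placeholder speed in H/s, not a measured figure
    print(f"keyspace {keyspace:,} -> {years_to_exhaust(keyspace, rate):,.0f} years at {rate:,.0f} H/s")
```

Note that `-a 3` with no mask on the command line, as in post #1, makes hashcat fall back to its built-in default mask rather than a full-charset mask, so the number it reports is for that mask and not for the 12-character keyspace the thread is discussing.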
#6
(08-05-2019, 09:00 AM)Mem5 Wrote:
(08-04-2019, 11:51 PM)SailingTobi Wrote: how do you define "truly" random? I assume passwords generated by a browser password plugin are not truly random.
They are random, but predictable.
Are you talking about Dashlane? If yes, the default password is 12 characters using 'just' letters and digits (no symbols).
So hashcat mask would be ?u?l?d.
New equation would be : https://www.wolframalpha.com/input/?i=(2...2B10)%5E12     still huge..

Thanks for your reply. I just Passbolt in my lab. Cracking 8 char "random" passwords did work well.