How does krb5tgs actually work? (Mathematically)
#1
Question 
Hey, I am learning about kerberos.

I know that the krb5tgs module can try to crack the Kerberos AS-REP client-KDC session key, encrypted with the user's NT hash, and it can try to crack the Kerberos TGS-REP service ticket, encrypted with the service account's NT hash.

What I am curious about is what logic is used to crack these values.
If in the AS-REP the generated client-KDC session key is unknown, and it is encrypted with the user's NT hash, which is also unknown, then how is it crackable? What kind of comparison is made?


Thanks
Reply
#2
Hey, in case someone knows, I am still looking for that answer. Thanks
Reply