large cipher on krb5pa hash
#1
Question 
Hi,
I'm kinda new to all of this, so I'm sorry in advance if I make any mistakes/missteps while asking my question here.

Anyway, I'm trying to finish a Root-Me challenge that asks me to find the password of a user linked to a suspicious Kerberos connection in a PCAP file. I manually extracted a krb5 pre-authentication hash from this file (I extracted the "CNameString", the "Realm", the "etype" and the "cipher") from one AS-REP request. In my case, the etype is 18.
I assembled this information as follows in a file "krb_hash.txt":
$krb5pa$18$<username>$<realm>$<cipher>.

My problem is that the cipher I have in the AS-REP in the pcap file is waaaaaay longer than the cipher length that I see in https://hashcat.net/wiki/doku.php?id=example_hashes.
To be more precise, in the example hashes I see that the cipher corresponding to my etype is supposed to be 112 characters long, while the cipher I have in the pcap file is 548 characters long...
When I try to launch hashcat on my file I get the following error:
"Hashfile 'krb_hash.txt' on line 1 ($krb5p...f4320028a648c94d209d772d88a161e0): Token length exception"

I tried to cut the cipher to make it exactly 112 characters long (in which case hashcat launches correctly), but obviously I get no result from this.

What should I do?
#2
Try using https://github.com/jalvarezz13/Krb5RoastParser and verify what you got manually vs what this tool extracts using tshark and outputs. Hopefully this code will help to also do it manually.
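A format check for the hash line assembled in the question, as an added example that is not part of the thread and is not code from Krb5RoastParser: it splits a `$krb5pa$18$<username>$<realm>$<cipher>` line and reports a cipher whose length differs from the 112 hex characters shown in hashcat's example hashes, the condition behind the "Token length exception". The function name and all sample values are constructed for illustration.

```python
import string

PREFIX = "$krb5pa$"
# Cipher length in hex characters for etype 18, as shown in the hashcat
# example hashes that the question cites.
EXPECTED_HEX_LEN = 112

def check_krb5pa(line):
    """Parse one $krb5pa$<etype>$<user>$<realm>$<cipher> line.

    Returns (fields, problems); an empty problems list means the line is
    well-formed for etype 18.
    """
    line = line.strip()
    if not line.startswith(PREFIX):
        return {}, ["line does not start with $krb5pa$"]
    etype, _, rest = line[len(PREFIX):].partition("$")
    # Split from the right: a machine account name ends in '$'.
    user_realm, _, cipher = rest.rpartition("$")
    user, _, realm = user_realm.rpartition("$")
    fields = {"etype": etype, "user": user, "realm": realm, "cipher": cipher}
    problems = []
    if etype != "18":
        problems.append(f"etype {etype!r} is not covered by this check (18 only)")
    if not user or not realm:
        problems.append("user or realm is empty")
    bad = sorted({c for c in cipher if c not in string.hexdigits})
    if bad:
        problems.append(f"cipher has non-hex characters {bad}")
    elif len(cipher) != EXPECTED_HEX_LEN:
        problems.append(
            f"cipher is {len(cipher)} hex chars ({len(cipher) // 2} bytes), "
            f"expected {EXPECTED_HEX_LEN}; re-check which packet field it came from"
        )
    return fields, problems

if __name__ == "__main__":
    # Constructed sample lines; none of these values come from a real capture.
    samples = [
        "$krb5pa$18$alice$EXAMPLE.LOCAL$" + "ab" * 56,    # 112 hex chars
        "$krb5pa$18$alice$EXAMPLE.LOCAL$" + "0f" * 274,   # 548, as in the question
        "$krb5pa$18$WS01$$EXAMPLE.LOCAL$" + "cd" * 56,    # machine account
        "$krb5pa$18$alice$EXAMPLE.LOCAL$" + "ab:" * 56,   # colon-separated hex
    ]
    for s in samples:
        fields, problems = check_krb5pa(s)
        print(fields["user"], "->", problems or "well-formed")
```

The pre-authentication encrypted timestamp (PA-ENC-TIMESTAMP) is carried in the padata of the client's AS-REQ, so a much longer cipher usually means the value was copied from a different field.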