Re: Kerberos login sniffer and cracker for Windows 2000/XP

From: Frank O'Dwyer (fod@LITTLECATZ.COM)
Date: 12/01/02

    Date:         Sun, 1 Dec 2002 11:23:20 -0000
    From: Frank O'Dwyer <fod@LITTLECATZ.COM>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    > I've coded a simple Kerberos login sniffer and cracker for Windows 2000/XP
    > that you might find useful. You can find it for download at:
    >
    > http://ntsecurity.nu/toolbox/kerbcrack/
    >
    > Regards /Arne

    This should shed some light on the 'full disclosure' debate.

    The vulnerability used by this thing, and the associated fixes, are well
    known and documented in the literature for over a decade. I and others have
    been banging on about it for years. Several papers, including one of my own,
    have been written in an attempt to hammer home the message that tools like
    this one were possible and simply a matter of time.

    And yet somehow 1000s of admins have STILL got the message that Kerberos is
    'unsniffable'. There doesn't seem to have been any urgency from vendors to
    correct this impression, never mind the vulnerability itself. Instead
    solutions to the problem are currently quietly and slowly wending their way
    through the IETF process.

    What will happen now? Will there be a sudden scramble to implement fixes now
    that this tool has been announced? This guy hasn't put a nice GUI on the
    tool. Yet. Will we have to wait for that?

    After all the 'full disclosure' to and fro, is this sort of nonsense STILL
    what it takes to get information into the hands of users, and obvious
    security issues treated with urgency?

    Cheers,
    Frank O'Dwyer
    fod@littlecatZ.com
