Ethereal-dev: [Ethereal-dev] telnet/authentication Kerberos stuff

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Mon, 2 Feb 2004 22:39:19 +1100
hi list

I just checked in a tiny patch for telnet to dissect some authentication
options for (kerberized) telnet.
Currently only SEND and NAME suboptions are dissected but soon also,
hopefully, the REPLY suboptions containing kerberos tickets.

Please test.

Attached capture contains a kerberized telnet session to authenticate and
login.
Attached is also the keytab file containing both the host/curie keytab entry
for the server and also a few user principals (all user principals are
joe-accounts => password==account-name).
No fear, the kerberos realm where these captures/keytabs were taken from was
a completely private network built from scratch to generate this capture and
this keytab and nothing else. It was never attached to a real network.
All systems have been scrubbed and their storage destroyed since.

The non decrypted parts of the telnet options contain kerberos tickets and
stuff, something we can use to test any keytab driven open ticket and
extract the session key.


It would be very useful to continue this work and the other kerberos work
done to allow parsing of keytab files and opening of tickets to extract the
session keys to make it easier to reverse engineer various modern protocols.

Anyone with knowledge on how MIT kerberos keytab files are structured is
more than welcome to email me. For our purposes we could get by with a very
simple non-threaded/non-recursive parsing of these files and we don't need
the complexity to link with any kerberos libs.

best regards ronnie s.

Attachment: krb5.keytab
Description: Binary data

Attachment: krb5-8.cap
Description: Binary data
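
Added example, not part of the original message and not Ethereal's code: a single-pass, library-free parser of the kind the message asks for, assuming the MIT keytab file format version 0x0502 (big-endian, 16-bit counted strings). The function names, the EXAMPLE.TEST realm and the sample bytes are constructed for illustration; only the host/curie principal name comes from the message.

```python
import struct

def parse_keytab(data: bytes):
    """Parse an MIT keytab (file format 0x0502, big-endian) into dicts."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                # negative length marks a deleted entry (hole)
            pos += -size
            continue
        if pos + size > len(data):
            raise ValueError("truncated entry")
        entries.append(_parse_entry(data[pos:pos + size]))
        pos += size
    return entries

def _parse_entry(rec: bytes):
    off = 0
    def take(n):                     # bounds-checked read of n bytes
        nonlocal off
        if off + n > len(rec):
            raise ValueError("field runs past end of entry")
        off += n
        return rec[off - n:off]
    def u(n):                        # unsigned big-endian integer
        return int.from_bytes(take(n), "big")
    def counted():                   # 16-bit length followed by that many bytes
        return take(u(2))
    ncomp = u(2)
    realm = counted().decode("utf-8", "replace")
    comps = [counted().decode("utf-8", "replace") for _ in range(ncomp)]
    name_type, timestamp, kvno, enctype = u(4), u(4), u(1), u(2)
    key = counted()
    if len(rec) - off >= 4:          # optional 32-bit kvno, overrides if non-zero
        kvno = u(4) or kvno
    return {"principal": "/".join(comps) + "@" + realm, "name_type": name_type,
            "timestamp": timestamp, "kvno": kvno, "enctype": enctype, "key": key}

def _cs(b):
    return struct.pack(">H", len(b)) + b

def sample_keytab():
    """Constructed input: one hole, then host/curie with an all-zero dummy key."""
    rec = (struct.pack(">H", 2) + _cs(b"EXAMPLE.TEST") + _cs(b"host") + _cs(b"curie")
           + struct.pack(">IIBH", 1, 1075680000, 3, 1) + _cs(bytes(8)))
    return b"\x05\x02" + struct.pack(">i", -4) + bytes(4) + struct.pack(">i", len(rec)) + rec
```

The returned key bytes and enctype are what a dissector would need to try opening a ticket addressed to that principal.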