Hi all,
When I know ethereal 0.10.12 can decrypt kerberos data, I was so
excitting. But after testing and research 20+ hours, I failed to work
this feature out. Now I am wondering what on earth did I do wrong.
Below is my last test, after creating keytab and capture kerberos
traffic, I still can not see the decrypted kerbers info. Every things
looks the same as I did not specify a keytab file. ( I did enable the
"try to decrypt kerberos blob" option)
I attached the keytab and cap trace files. Please help me check what
would be the problem.
It will also be highly appricated if anyone can send me a sample of
keytab and cap file, so that I can have a chance to look at this cool
feature.
OS: Fedora core 4
Ethereal: ethereal-0.10.12.SVN.15374-1.fc4.i386.rpm from
http://www.ethereal.com/distribution/buildbot-builds/rpm/
KDC: windows 2003 (IP 10.5.3.1)
realm: DENYDC.COM
princ:
1. u5@xxxxxxxxxx
dump NT hash by dumpwd3e.exe, then create keytab file by ktutil on FC4
ktutil:addent -key -p u5@xxxxxxxxxx -k 3 -e arcfour-hmac-md5
2. des@xxxxxxxxxx (
create keytab file ktpass.exe on windows 2003
file attached:
816.key, contains keys for u5 and des
816.cap, des and u5 login for a Windows XP
816fc4.cap, des and u5 login from FC4 by "kinit -k -t 816.key u5@xxxxxxxxxx"
Attachment:
816fc4.cap
Description: Binary data
Attachment:
816.key
Description: Binary data
Attachment:
816.cap
Description: Binary data